Vulnerability details: VCID-4zzy-q5zp-jkgm
Vulnerability ID VCID-4zzy-q5zp-jkgm
Aliases CVE-2009-3720
Summary A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.
Status Published
Exploitability 0.5
Weighted Severity 2.1
Risk 1.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3720.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
531697 https://bugzilla.redhat.com/show_bug.cgi?id=531697
551936 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936
560919 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560919
560920 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560920
560921 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560921
560922 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560922
560926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560926
560927 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560927
560928 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560928
560929 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560929
560930 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560930
560935 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560935
560936 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560936
560937 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560937
560940 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560940
560942 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560942
560950 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560950
601053 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601053
CVE-2009-3720 https://httpd.apache.org/security/json/CVE-2009-3720.json
GLSA-201209-06 https://security.gentoo.org/glsa/201209-06
RHSA-2009:1572 https://access.redhat.com/errata/RHSA-2009:1572
RHSA-2009:1625 https://access.redhat.com/errata/RHSA-2009:1625
RHSA-2010:0002 https://access.redhat.com/errata/RHSA-2010:0002
RHSA-2011:0491 https://access.redhat.com/errata/RHSA-2011:0491
RHSA-2011:0492 https://access.redhat.com/errata/RHSA-2011:0492
RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239
USN-890-1 https://usn.ubuntu.com/890-1/
USN-890-2 https://usn.ubuntu.com/890-2/
USN-890-3 https://usn.ubuntu.com/890-3/
USN-890-4 https://usn.ubuntu.com/890-4/
USN-890-5 https://usn.ubuntu.com/890-5/
USN-890-6 https://usn.ubuntu.com/890-6/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.8131
EPSS Score 0.01541
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:16.391875+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2009-3720.json 38.0.0