Search for vulnerabilities
Vulnerability details: VCID-2tq2-wbv4-aaab
Vulnerability ID VCID-2tq2-wbv4-aaab
Aliases CVE-2009-2699
Summary The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-667 Improper Locking
System Score Found at
epss 0.06002 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.06002 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.06002 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.06002 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.06002 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.06002 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.08727 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.09975 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.33255 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.48179 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.48179 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.48179 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
epss 0.48179 https://api.first.org/data/v1/epss?cve=CVE-2009-2699
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=528756
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2009-2699.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-2699
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2009-2699
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2009-2699
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=133355494609819&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2699.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2699
http://securitytracker.com/id?1022988
https://exchange.xforce.ibmcloud.com/vulnerabilities/53666
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://www.apache.org/dist/httpd/CHANGES_2.2.14
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.securityfocus.com/bid/36596
528756 https://bugzilla.redhat.com/show_bug.cgi?id=528756
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
CVE-2009-2699 https://httpd.apache.org/security/json/CVE-2009-2699.json
CVE-2009-2699 https://nvd.nist.gov/vuln/detail/CVE-2009-2699
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2699
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2699
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2699
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90199
EPSS Score 0.06002
Published At May 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.