Search for vulnerabilities
Vulnerability details: VCID-decx-ng47-vfcr
Vulnerability ID VCID-decx-ng47-vfcr
Aliases CVE-2009-3720
Summary A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.
Status Published
Exploitability 0.5
Weighted Severity 2.1
Risk 1.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.0067 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.00946 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.01074 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
epss 0.01074 https://api.first.org/data/v1/epss?cve=CVE-2009-3720
apache_httpd low https://httpd.apache.org/security/json/CVE-2009-3720.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3720.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
531697 https://bugzilla.redhat.com/show_bug.cgi?id=531697
551936 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936
CVE-2009-3720 https://httpd.apache.org/security/json/CVE-2009-3720.json
RHSA-2009:1572 https://access.redhat.com/errata/RHSA-2009:1572
RHSA-2009:1625 https://access.redhat.com/errata/RHSA-2009:1625
RHSA-2010:0002 https://access.redhat.com/errata/RHSA-2010:0002
RHSA-2011:0491 https://access.redhat.com/errata/RHSA-2011:0491
RHSA-2011:0492 https://access.redhat.com/errata/RHSA-2011:0492
RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239
USN-890-1 https://usn.ubuntu.com/890-1/
USN-890-2 https://usn.ubuntu.com/890-2/
USN-890-3 https://usn.ubuntu.com/890-3/
USN-890-4 https://usn.ubuntu.com/890-4/
USN-890-5 https://usn.ubuntu.com/890-5/
USN-890-6 https://usn.ubuntu.com/890-6/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.68187
EPSS Score 0.00589
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:51.396007+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2009-3720.json 37.0.0