High severity7.5NVD Advisory· Published Oct 13, 2009· Updated Jun 16, 2026
CVE-2009-2699
CVE-2009-2699
Description
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*range: >=2.2.0,<2.2.14
- (no CPE)range: <2.2.14
- osv-coords8 versionspkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Studio%20Onsite%201.3
< 2.4.23-4.1+ 7 more
- (no CPE)range: < 2.4.23-4.1
- (no CPE)range: < 2.2.34-70.12.1
- (no CPE)range: < 2.2.34-70.12.1
- (no CPE)range: < 2.2.34-70.12.1
- (no CPE)range: < 2.2.34-70.12.1
- (no CPE)range: < 2.2.34-70.12.1
- (no CPE)range: < 2.2.34-70.12.1
- (no CPE)range: < 2.2.34-70.12.1
Patches
Vulnerability mechanics
References
20- www.securityfocus.com/bid/36596nvdPatchThird Party AdvisoryVDB Entry
- lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
- marc.infonvdIssue TrackingMailing ListThird Party Advisory
- securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.apache.org/dist/httpd/CHANGES_2.2.14nvdBroken LinkVendor Advisory
- www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.htmlnvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/53666nvdThird Party AdvisoryVDB Entry
- issues.apache.org/bugzilla/show_bug.cginvdIssue TrackingVendor Advisory
- www.mandriva.com/security/advisoriesnvdBroken Link
News mentions
0No linked articles in our index yet.