High severity7.5NVD Advisory· Published Oct 13, 2009· Updated Apr 23, 2026

CVE-2009-2699

Description

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Affected products

Apache/Http Server
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Range: >=2.2.0,<2.2.14
Apache/Portable Runtime
cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
Range: <1.3.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/36596nvdPatchThird Party AdvisoryVDB Entry
lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3EnvdMailing ListPatch
marc.infonvdIssue TrackingMailing ListThird Party Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.apache.org/dist/httpd/CHANGES_2.2.14nvdBroken LinkVendor Advisory
www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.htmlnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/53666nvdThird Party AdvisoryVDB Entry
issues.apache.org/bugzilla/show_bug.cginvdIssue TrackingVendor Advisory
www.mandriva.com/security/advisoriesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000