Bug#540862: apache2: xml-based firewall bypass / port scanning vulnerability
On Monday 10 August 2009, Michael S Gilbert wrote:
> it has been dislosed that apache (and potentially other web
> servers) can be used to port scan behind a firewall. i don't think
> this issue issue too severe, but a firewall bypass nevertheless is
> probably not a good thing. see .
I believe the only part of apache that parses xml is mod_dav. And for
this, the fix for CVE-2009-1955 in apr-util has already disabled XML
entity expansion altogether. Therefore I don't think apache itself is
vulnerable. Of course, if their scanner is available, it would make
sense to actually test this.
OTOH, there are probably many web applications that are vulnerable.
But there is nothing to be done about that in Apache.