CVE-2009-3720

EPSS

1.16%V4

Vector

Network

Published

2009-11-03
15h00 +00:00

Modified

2021-06-06
08h10 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

alertModalTitleNeedConnected

Activate your personalized alerts!

To activate your alerts, you just need to be logged in to your free account. If you’re not logged in yet, choose one of the options below.

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

CVE Descriptions

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE Other	No informations.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	5		AV:N/AC:L/Au:N/C:N/I:N/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Libexpat_project>>Libexpat >> Version 2.0.1

A_m_kuchling>>Pyxml >> Version *

Python>>Python >> Version *

Configuraton 0

Apache>>Http_server >> Version From (including) 2.0.35 To (excluding) 2.0.64

Apache>>Http_server >> Version From (including) 2.2.0 To (excluding) 2.2.17

References

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026
Tags : vendor-advisory, x_refsource_SLACKWARE

http://svn.python.org/view?view=rev&revision=74429
Tags : x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-2009:215
Tags : vendor-advisory, x_refsource_MANDRIVA

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html
Tags : vendor-advisory, x_refsource_FEDORA

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html
Tags : vendor-advisory, x_refsource_FEDORA

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html
Tags : vendor-advisory, x_refsource_FEDORA

http://secunia.com/advisories/38832
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2010-0002.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
Tags : vendor-advisory, x_refsource_MANDRIVA

http://www.ubuntu.com/usn/USN-890-1
Tags : vendor-advisory, x_refsource_UBUNTU

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
Tags : x_refsource_CONFIRM

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log
Tags : x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.openwall.com/lists/oss-security/2009/10/22/9
Tags : mailing-list, x_refsource_MLIST

http://www.mandriva.com/security/advisories?name=MDVSA-2009:220
Tags : vendor-advisory, x_refsource_MANDRIVA

http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/38794
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Tags : mailing-list, x_refsource_MLIST

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019
Tags : vdb-entry, signature, x_refsource_OVAL

http://www.vupen.com/english/advisories/2010/1107
Tags : vdb-entry, x_refsource_VUPEN

http://www.mandriva.com/security/advisories?name=MDVSA-2009:211
Tags : vendor-advisory, x_refsource_MANDRIVA

http://www.openwall.com/lists/oss-security/2009/08/26/4
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/41701
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.openwall.com/lists/oss-security/2009/08/21/2
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/37925
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/38050
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securitytracker.com/id?1023160
Tags : vdb-entry, x_refsource_SECTRACK

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Tags : vendor-advisory, x_refsource_SUSE

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112
Tags : vdb-entry, signature, x_refsource_OVAL

https://bugzilla.redhat.com/show_bug.cgi?id=531697
Tags : x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html
Tags : vendor-advisory, x_refsource_FEDORA

http://www.openwall.com/lists/oss-security/2009/10/23/2
Tags : mailing-list, x_refsource_MLIST

http://www.ubuntu.com/usn/USN-890-6
Tags : vendor-advisory, x_refsource_UBUNTU

http://www.openwall.com/lists/oss-security/2009/10/26/3
Tags : mailing-list, x_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html
Tags : vendor-advisory, x_refsource_FEDORA

http://www.openwall.com/lists/oss-security/2009/08/26/3
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/42338
Tags : third-party-advisory, x_refsource_SECUNIA

https://bugs.gentoo.org/show_bug.cgi?id=280615
Tags : x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html
Tags : vendor-advisory, x_refsource_FEDORA

http://secunia.com/advisories/38231
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2010/3053
Tags : vdb-entry, x_refsource_VUPEN

http://www.openwall.com/lists/oss-security/2009/10/28/3
Tags : mailing-list, x_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html
Tags : vendor-advisory, x_refsource_FEDORA

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.mandriva.com/security/advisories?name=MDVSA-2009:212
Tags : vendor-advisory, x_refsource_MANDRIVA

http://www.mandriva.com/security/advisories?name=MDVSA-2009:218
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/38834
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2010/3061
Tags : vdb-entry, x_refsource_VUPEN

http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127
Tags : x_refsource_MISC

http://secunia.com/advisories/39478
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Tags : vendor-advisory, x_refsource_SUSE

http://secunia.com/advisories/37537
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.openwall.com/lists/oss-security/2009/10/22/5
Tags : mailing-list, x_refsource_MLIST

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719
Tags : vdb-entry, signature, x_refsource_OVAL

http://secunia.com/advisories/43300
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2011-0896.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.vupen.com/english/advisories/2010/0896
Tags : vdb-entry, x_refsource_VUPEN

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1
Tags : vendor-advisory, x_refsource_SUNALERT

http://marc.info/?l=bugtraq&m=130168502603566&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.openwall.com/lists/oss-security/2009/08/27/6
Tags : mailing-list, x_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html
Tags : vendor-advisory, x_refsource_FEDORA

http://www.openwall.com/lists/oss-security/2009/09/06/1
Tags : mailing-list, x_refsource_MLIST

http://www.openwall.com/lists/oss-security/2009/10/23/6
Tags : mailing-list, x_refsource_MLIST

http://www.vupen.com/english/advisories/2011/0359
Tags : vdb-entry, x_refsource_VUPEN

http://www.mandriva.com/security/advisories?name=MDVSA-2009:219
Tags : vendor-advisory, x_refsource_MANDRIVA

http://www.vupen.com/english/advisories/2010/3035
Tags : vdb-entry, x_refsource_VUPEN

http://www.mandriva.com/security/advisories?name=MDVSA-2009:217
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/37324
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/42326
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2010/0528
Tags : vdb-entry, x_refsource_VUPEN

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Tags : mailing-list, x_refsource_MLIST

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	5.73%	–	–
2022-04-03	–	–	5.73%	–	–
2022-05-29	–	–	5.73%	–	–
2023-03-12	–	–	–	1.67%	–
2024-02-11	–	–	–	1.67%	–
2024-02-18	–	–	–	3.23%	–
2024-06-02	–	–	–	3.23%	–
2024-06-16	–	–	–	3.05%	–
2024-07-28	–	–	–	2.73%	–
2024-10-13	–	–	–	2.91%	–
2024-11-17	–	–	–	3.01%	–
2024-12-22	–	–	–	5.51%	–
2025-01-19	–	–	–	5.51%	–
2025-03-18	–	–	–	–	0.94%
2025-03-30	–	–	–	–	0.76%
2025-04-15	–	–	–	–	0.76%
2025-05-01	–	–	–	–	1.22%
2025-05-04	–	–	–	–	0.76%
2025-06-01	–	–	–	–	1.22%
2025-06-04	–	–	–	–	0.76%
2025-07-01	–	–	–	–	1.22%
2025-07-04	–	–	–	–	0.76%
2025-07-30	–	–	–	–	0.59%
2025-08-01	–	–	–	–	0.95%
2025-08-02	–	–	–	–	1.07%
2025-08-04	–	–	–	–	0.67%
2025-08-25	–	–	–	–	0.92%
2025-08-26	–	–	–	–	1.37%
2025-09-08	–	–	–	–	1.37%
2025-10-01	–	–	–	–	3.01%
2025-10-04	–	–	–	–	1.77%
2025-10-27	–	–	–	–	1.37%
2025-10-28	–	–	–	–	1.77%
2025-11-01	–	–	–	–	3.01%
2025-11-04	–	–	–	–	1.77%
2025-11-18	–	–	–	–	1.77%
2025-11-21	–	–	–	–	1.77%
2025-12-01	–	–	–	–	3.01%
2025-12-04	–	–	–	–	1.77%
2025-12-10	–	–	–	–	1.31%
2025-12-13	–	–	–	–	1.13%
2025-12-27	–	–	–	–	1.18%
2025-12-28	–	–	–	–	1.13%
2026-01-01	–	–	–	–	1.94%
2026-01-04	–	–	–	–	1.13%
2026-01-23	–	–	–	–	1.16%

Date	Percentile
2022-02-06	77%
2022-04-03	89%
2022-05-29	9%
2023-03-12	86%
2024-02-11	87%
2024-02-18	91%
2024-06-02	91%
2024-06-16	91%
2024-07-28	91%
2024-10-13	91%
2024-11-17	91%
2024-12-22	93%
2025-01-19	93%
2025-03-18	75%
2025-03-30	71%
2025-04-15	72%
2025-05-01	78%
2025-05-04	72%
2025-06-01	78%
2025-06-04	72%
2025-07-01	78%
2025-07-04	72%
2025-07-30	68%
2025-08-01	75%
2025-08-02	77%
2025-08-04	7%
2025-08-25	75%
2025-08-26	79%
2025-09-08	8%
2025-10-01	86%
2025-10-04	82%
2025-10-27	8%
2025-10-28	82%
2025-11-01	86%
2025-11-04	82%
2025-11-18	81%
2025-11-21	82%
2025-12-01	86%
2025-12-04	82%
2025-12-10	79%
2025-12-13	78%
2025-12-27	78%
2025-12-28	78%
2026-01-01	83%
2026-01-04	78%
2026-01-23	78%

CVE-2009-3720 : Detail

CVE-2009-3720

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

References