FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1890

This CVE name corresponds to:

Entered Topic
2009-08-25 apache22 -- several vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-1890
Phase Assigned (20090602)

Description

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.

References

Source Reference
BUGTRAQ 20091112 rPSA-2009-0142-1 httpd mod_ssl
BUGTRAQ 20091113 rPSA-2009-0142-2 httpd mod_ssl
CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587
CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?revision=790587
CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587
CONFIRM http://svn.apache.org/viewvc?view=rev&revision=790587
CONFIRM http://support.apple.com/kb/HT3937
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0142
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
AIXAPAR PK91259
AIXAPAR PK99480
APPLE APPLE-SA-2009-11-09-1
DEBIAN DSA-1834
FEDORA FEDORA-2009-8812
GENTOO GLSA-200907-04
HP HPSBUX02612
HP SSRT100345
MANDRIVA MDVSA-2009:149
MANDRIVA MDVSA-2013:150
REDHAT RHSA-2009:1148
REDHAT RHSA-2009:1156
SUSE SUSE-SA:2009:050
UBUNTU USN-802-1
BID 35565
OSVDB 55553
OVAL oval:org.mitre.oval:def:8616
OVAL oval:org.mitre.oval:def:9403
OVAL oval:org.mitre.oval:def:12330
SECTRACK 1022509
SECUNIA 35691
SECUNIA 35721
SECUNIA 35793
SECUNIA 35865
SECUNIA 37152
SECUNIA 37221
VUPEN ADV-2009-3184