FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1891

This CVE name corresponds to:

Entered     Topic
2009-08-25  apache22 -- several vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2009-1891
Phase  Assigned (20090602)

Description

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

References

Source    Reference
BUGTRAQ   20091113 rPSA-2009-0142-2 httpd mod_ssl
MLIST     [apache-httpd-dev] 20090628 mod_deflate DoS
MLIST     [apache-httpd-dev] 20090703 Re: mod_deflate DoS
MISC      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
CONFIRM   https://bugzilla.redhat.com/show_bug.cgi?id=509125
CONFIRM   http://support.apple.com/kb/HT3937
CONFIRM   http://wiki.rpath.com/Advisories:rPSA-2009-0142
CONFIRM   http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142
AIXAPAR   PK91361
AIXAPAR   PK99480
APPLE     APPLE-SA-2009-11-09-1
DEBIAN    DSA-1834
FEDORA    FEDORA-2009-8812
GENTOO    GLSA-200907-04
HP        HPSBUX02612
HP        SSRT100345
HP        HPSBOV02683
HP        SSRT090208
MANDRIVA  MDVSA-2009:149
REDHAT    RHSA-2009:1148
REDHAT    RHSA-2009:1156
SUSE      SUSE-SA:2009:050
UBUNTU    USN-802-1
OSVDB     55782
OVAL      oval:org.mitre.oval:def:8632
OVAL      oval:org.mitre.oval:def:9248
OVAL      oval:org.mitre.oval:def:12361
SECTRACK  1022529
SECUNIA   35721
SECUNIA   35781
SECUNIA   35793
SECUNIA   35865
SECUNIA   37152
SECUNIA   37221
VUPEN     ADV-2009-1841
VUPEN     ADV-2009-3184