CVE-2009-1890
CVE-2009-1890
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlhttp://marc.info/?l=bugtraq&m=129190899612998&w=2http://osvdb.org/55553http://secunia.com/advisories/35691http://secunia.com/advisories/35721http://secunia.com/advisories/35793http://secunia.com/advisories/35865http://secunia.com/advisories/37152http://secunia.com/advisories/37221http://security.gentoo.org/glsa/glsa-200907-04.xmlhttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E