Computer Security
[EN] securityvulns.ru no-pyccku


Apache DoS
Published:09.07.2009
Source:
SecurityVulns ID:10059
Type:remote
Threat Level:
5/10
Description:Data exceeding Content-length value causes CPU exhaustion. mod_deflate doesn't break file compress operation if client disconnects.
Affected:APACHE : Apache 2.2
 APACHE : Apache 2.3
CVE:CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).)
 CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:149 ] apache (09.07.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod