Lucene search

K
cve[email protected]CVE-2009-1890
HistoryJul 05, 2009 - 4:30 p.m.

CVE-2009-1890

2009-07-0516:30:00
CWE-400
web.nvd.nist.gov
617
apache
http
server
mod_proxy
remote
denial of service
vulnerability
cve-2009-1890
nvd

6.2 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.021 Low

EPSS

Percentile

88.9%

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.

References

6.2 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.021 Low

EPSS

Percentile

88.9%

Related for CVE-2009-1890