Lucene search
Ubuntu.comUB:CVE-2009-1890HistoryJul 05, 2009 - 12:00 a.m.
CVE-2009-1890
2009-07-0500:00:00
ubuntu.com
ubuntu.com
11
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.021 Low
EPSS
Percentile
89.0%
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module
in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured,
does not properly handle an amount of streamed data that exceeds the
Content-Length value, which allows remote attackers to cause a denial of
service (CPU consumption) via crafted requests.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | couldnβt reproduce on dapper, code is different |
Related
seebug
seebug
Apache mod_proxyεε代ηζη»ζε‘ζΌζ΄
2009-07-07 00:00:00
cve
cve
CVE-2009-1890
2009-07-05 16:30:00
httpd
httpd
Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS
2009-06-30 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: httpd (CVE-2009-1890)
2023-03-28 00:00:00
CentOS 5 : httpd (CESA-2009:1148)
2010-01-06 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 regression (USN-802-2)
2009-08-20 00:00:00
openvas
openvas
Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
2009-07-07 00:00:00
Apache HTTP Server 'mod_proxy_http.c' Denial Of Service Vulnerability
2009-07-07 00:00:00
CentOS Update for httpd CESA-2009:1148 centos5 i386
2011-08-09 00:00:00
debiancve
debiancve
CVE-2009-1890
2009-07-05 16:30:00
cbl_mariner
cbl_mariner
CVE-2009-1890 affecting package httpd 2.4.53-1
2022-11-24 00:45:35
CVE-2009-1890 affecting package httpd 2.4.53-1
2022-11-16 02:26:12
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:34:58
prion
prion
Code injection
2009-07-05 16:30:00
oraclelinux
oraclelinux
httpd security update
2009-07-09 00:00:00
ubuntu
ubuntu
Apache regression
2009-08-19 00:00:00
Apache vulnerabilities
2009-07-13 00:00:00
redhat
redhat
(RHSA-2009:1148) Important: httpd security update
2009-07-09 00:00:00
(RHSA-2009:1156) Important: httpd security update
2009-07-14 00:00:00
(RHSA-2009:1155) Important: httpd security update
2009-07-14 00:00:00
centos
centos
httpd, mod_ssl security update
2009-07-14 12:16:38
debian
debian
[SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
2009-07-15 19:01:57
[SECURITY] [DSA 1834-2] New apache/apache2-mpm-itk fix regression
2009-07-30 16:37:19
osv
osv
apache2 apache2-mpm-itk - denial of service
2009-07-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:149 ] apache
2009-07-09 00:00:00
Apache DoS
2009-07-09 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2009-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11
2009-08-31 23:39:38
suse
suse
potential code execution in apache2,libapr1
2009-10-26 13:21:56
freebsd
freebsd
apache22 -- several vulnerabilities
2009-07-28 00:00:00
slackware
slackware
httpd
2009-08-02 15:33:03
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.021 Low
EPSS
Percentile
89.0%
Related for UB:CVE-2009-1890