Summary: | <www-servers/apache-2.2.11-r2 [apache2_modules_deflate]: DoS (CVE-2009-1891) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | apache-bugs |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://svn.apache.org/viewvc?view=rev&revision=791454 | | |
Whiteboard: | A3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 276589 | | |
Bug Blocks: | | | |
Description
Alex Legler (RETIRED)
2009-07-06 16:48:38 UTC
Created attachment 196924
apache-CVE-2009-1891.patch
Patch as applied to trunk in upstream SVN rev 791454.
fixed in 2.2.11-r2, ready for stabilization, bug 276589 should probably be closed in favor of this one.

CVE-2009-1891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1891): The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

GLSA 200907-04, thanks everyone.
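
The behaviour named in the CVE description, as an added example (not Apache's patch and not code from this bug): a chunked compression loop run with and without a check for a closed connection. `FakeConnection`, `deflate_response`, `demo` and all sizes are hypothetical, and Python's `zlib` stands in for mod_deflate.

```python
import zlib

CHUNK = 8192  # input bytes compressed per loop iteration (constructed value)

class FakeConnection:
    """Constructed stand-in for a client socket that disappears mid-response."""
    def __init__(self, drop_after):
        self.drop_after = drop_after  # writes accepted before the peer is gone
        self.writes = 0
        self.received = []
        self.aborted = False

    def write(self, data):
        if self.aborted:
            return  # nobody is listening; the data is discarded
        self.received.append(data)
        self.writes += 1
        if self.writes >= self.drop_after:
            self.aborted = True

def deflate_response(body, conn, check_abort):
    """Compress body chunk by chunk; return how many input bytes were compressed."""
    comp = zlib.compressobj()
    consumed = 0
    for off in range(0, len(body), CHUNK):
        if check_abort and conn.aborted:
            return consumed  # stop spending CPU on a closed connection
        chunk = body[off:off + CHUNK]
        conn.write(comp.compress(chunk))
        consumed += len(chunk)
    conn.write(comp.flush())
    return consumed

def demo():
    body = bytes(range(256)) * 2048  # constructed 512 KiB response body
    flawed = deflate_response(body, FakeConnection(drop_after=2), check_abort=False)
    fixed = deflate_response(body, FakeConnection(drop_after=2), check_abort=True)
    return len(body), flawed, fixed

if __name__ == "__main__":
    total, flawed, fixed = demo()
    print(f"body={total} compressed_without_check={flawed} compressed_with_check={fixed}")
```

Without the check the loop compresses the whole body for a client that left after two writes; with it, work stops at the next chunk boundary.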