CVE-2009-1891

Опубликовано: 10 июл. 2009

Источник: nvd

CVSS2: 7.1

EPSS Средний

Описание

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

Ссылки

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
Exploit
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
Mailing List
Third Party Advisory
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
Exploit
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Issue Tracking
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Issue Tracking
Mailing List
Third Party Advisory
http://osvdb.org/55782
Broken Link
http://secunia.com/advisories/35721
Not Applicable
Vendor Advisory
http://secunia.com/advisories/35781
Not Applicable
Vendor Advisory
http://secunia.com/advisories/35793
Not Applicable
Vendor Advisory
http://secunia.com/advisories/35865
Not Applicable
Vendor Advisory
http://secunia.com/advisories/37152
Not Applicable
Vendor Advisory
http://secunia.com/advisories/37221
Not Applicable
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200907-04.xml
Third Party Advisory
http://support.apple.com/kb/HT3937
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0142
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.0.35 (включая) до 2.0.64 (исключая)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.2.0 (включая) до 2.2.12 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.20931

Средний

7.1 High

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2009-1891

ubuntu

почти 16 лет назад

CVE-2009-1891

redhat

почти 16 лет назад

CVE-2009-1891

debian

почти 16 лет назад

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses l ...

GHSA-hwvh-jv6j-6p3p

github

около 3 лет назад

ELSA-2009-1148

oracle-oval

почти 16 лет назад

ELSA-2009-1148: httpd security update (IMPORTANT)

EPSS

Процентиль: 95%

0.20931

Средний

7.1 High

CVSS2

Дефекты

CWE-400