ID CVE-2009-1890
Summary The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:*:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:*:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.6:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.6:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.9:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.9:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.11:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.11:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.13:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.13:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.14:*:mac_os:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.14:*:mac_os:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.46:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.46:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.58:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.58:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
oval via4
  • accepted 2015-04-20T04:00:21.941-04:00
    class vulnerability
    contributors
    • name K, Balamurugan
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
    family unix
    id oval:org.mitre.oval:def:12330
    status accepted
    submitted 2011-02-01T12:25:58.000-05:00
    title HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
    version 45
  • accepted 2014-07-14T04:01:30.440-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Mike Lah
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Apache HTTP Server 2.2.x is installed on the system
    oval oval:org.mitre.oval:def:8550
    description The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
    family windows
    id oval:org.mitre.oval:def:8616
    status accepted
    submitted 2010-03-08T17:30:00.000-05:00
    title Apache 'mod_proxy' Remote Denial Of Service Vulnerability
    version 11
  • accepted 2013-04-29T04:19:11.136-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
    family unix
    id oval:org.mitre.oval:def:9403
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
    version 18
redhat via4
advisories
  • rhsa
    id RHSA-2009:1148
  • rhsa
    id RHSA-2009:1156
rpms
  • httpd-0:2.2.3-22.el5_3.2
  • httpd-devel-0:2.2.3-22.el5_3.2
  • httpd-manual-0:2.2.3-22.el5_3.2
  • mod_ssl-0:2.2.3-22.el5_3.2
refmap via4
aixapar
  • PK91259
  • PK99480
apple APPLE-SA-2009-11-09-1
bid 35565
bugtraq
  • 20091112 rPSA-2009-0142-1 httpd mod_ssl
  • 20091113 rPSA-2009-0142-2 httpd mod_ssl
confirm
debian DSA-1834
fedora FEDORA-2009-8812
gentoo GLSA-200907-04
hp
  • HPSBUX02612
  • SSRT100345
mandriva
  • MDVSA-2009:149
  • MDVSA-2013:150
osvdb 55553
sectrack 1022509
secunia
  • 35691
  • 35721
  • 35793
  • 35865
  • 37152
  • 37221
suse SUSE-SA:2009:050
ubuntu USN-802-1
vupen ADV-2009-3184
Last major update 30-10-2018 - 16:25
Published 05-07-2009 - 16:30
Back to Top