exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2009-1891

Status Candidate

Overview

CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate

Related Files

HP Security Bulletin HPSBOV02683 SSRT090208
Posted May 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
advisories | CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010
SHA-256 | a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
HP Security Bulletin HPSBUX02612 SSRT100345
Posted Dec 9, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02612 SSRT100345 - Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918
SHA-256 | b1f190998016e144317781b119e85f9b8dd0c136204c8fe53bffb4d260a8e398
Mandriva Linux Security Advisory 2009-323
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-323 - Multiple vulnerabilities has been found and corrected in apache. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-1678, CVE-2008-2939, CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555
SHA-256 | e56a54d6bdc82b29375d1213af66206fb4ca08275ca3ccd4eb0ad21e18bffd71
Ubuntu Security Notice 802-2
Posted Aug 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1891
SHA-256 | 82e1048c58f6bb0269a91f5ef596b82cd31b537d10588dce4ebd63d94ab1528e
Debian Linux Security Advisory 1834-2
Posted Jul 30, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1834-2 - The previous update caused a regression for apache2 in Debian 4.0 "etch". Using mod_deflate together with mod_php could cause segfaults when a client aborts a connection. This update corrects this flaw. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 2bb04b990a52bd709d6c38bea3fd00f71adef9c7a03e217b9679cec6bd703f6d
Mandriva Linux Security Advisory 2009-168
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-168 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. This update provides fixes for these vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 51af7fbbcf69f4c39daf6a87f28edbccbdb261cd9fcbdb694531c6f7bf7e57f2
Debian Linux Security Advisory 1834-1
Posted Jul 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1834 - A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch".

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 394bd714165a039d9f2115b6f7eefc7d36507ac113647e9ee3d8eace6c4beaf8
Ubuntu Security Notice 802-1
Posted Jul 13, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-802-1 - It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | 25501b4d25ab339dc83e00431f8456774abbafa2cdfb4b9a42421a7af1c61253
Gentoo Linux Security Advisory 200907-4
Posted Jul 13, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-04 - Multiple vulnerabilities in the Apache HTTP daemon allow for local privilege escalation, information disclosure or Denial of Service attacks. Versions less than 2.2.11-r2 are affected.

tags | advisory, web, denial of service, local, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2009-1191, CVE-2009-1195, CVE-2009-1890, CVE-2009-1891
SHA-256 | abcbba587113454fb3691d9b0cc0ef52089b05b2cb5706de46212acbee55d87a
Mandriva Linux Security Advisory 2009-149
Posted Jul 9, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-149 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. Fixed a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. This update provides fixes for these vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1890, CVE-2009-1891
SHA-256 | c6bfbf6ae9b456b47c4d752222f01574101f35126c28e68a785e4b7b9f9da0e4
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close