7.1
CVE-2009-1890
- EPSS 21.52%
- Veröffentlicht 05.07.2009 16:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.12
Fedoraproject ≫ Fedora Version11
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Eus Version5.3
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Aus Version5.3
Redhat ≫ Enterprise Linux Workstation Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.52% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.