CVE-2009-1891
HIGH severity · CVSS 7.1 · Uncontrolled resource consumption
Summary
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
Impact & exploitability
Attack vector: Network
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: None
Integrity impact: None
Availability impact: —
Exploit probability (EPSS): 17%
CVSS vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html (Advisory)
- http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2 (Advisory)
- http://marc.info/?l=bugtraq&m=129190899612998&w=2 (Advisory)
- http://marc.info/?l=bugtraq&m=130497311408250&w=2 (Advisory)
- http://osvdb.org/55782
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712 (Exploit)
- http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2 (Advisory)