The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
13 Feb 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
19 Sep 2022, 19:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux Server
Fedoraproject Fedoraproject fedora Redhat enterprise Linux Desktop Debian Redhat Debian debian Linux Redhat enterprise Linux Workstation Redhat enterprise Linux Server Aus Canonical Canonical ubuntu Linux Redhat enterprise Linux Eus |
|
CPE | cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:* |
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:* |
References | (SECUNIA) http://secunia.com/advisories/35865 - Not Applicable, Vendor Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=130497311408250&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (AIXAPAR) http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37152 - Not Applicable, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1022529 - Broken Link, Third Party Advisory, VDB Entry | |
References | (OSVDB) http://osvdb.org/55782 - Broken Link | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-802-1 - Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html - Mailing List, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35781 - Not Applicable, Vendor Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1156.html - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/3184 - Permissions Required, Vendor Advisory | |
References | (MLIST) http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2 - Exploit, Issue Tracking, Mailing List, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1834 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142 - Broken Link | |
References | (MLIST) https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-200907-04.xml - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35721 - Not Applicable, Vendor Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 - Broken Link, Patch | |
References | (MLIST) https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT3937 - Broken Link | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html - Broken Link, Mailing List | |
References | (AIXAPAR) http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37221 - Not Applicable, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/1841 - Permissions Required, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2009-0142 - Broken Link | |
References | (REDHAT) https://rhn.redhat.com/errata/RHSA-2009-1148.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35793 - Not Applicable, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632 - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=509125 - Issue Tracking, Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/507857/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (HP) http://marc.info/?l=bugtraq&m=129190899612998&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
CWE | CWE-400 |
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2009-07-10 15:30
Updated : 2023-12-10 10:51
NVD link : CVE-2009-1891
Mitre link : CVE-2009-1891
CVE.ORG link : CVE-2009-1891
JSON object : View
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_eus
debian
- debian_linux
canonical
- ubuntu_linux
apache
- http_server
fedoraproject
- fedora
CWE
CWE-400
Uncontrolled Resource Consumption