Summary
This host is running Apache HTTP Server and is prone to Denial of Service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause Denial of Service to the legitimate user by CPU consumption.
Impact Level: Application
Solution
Fixed in the SVN repository.
http://svn.apache.org/viewvc?view=rev&revision=790587
Insight
The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c' in the mod_proxy module. When a reverse proxy is configured, it does not properly handle an amount of streamed data that exceeds the Content-Length value via crafted requests.
Affected
Apache HTTP Server version prior to 2.3.3
References
Severity
Classification
-
CVE CVE-2009-1890 -
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- connect to all open ports
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
- Adobe Reader '.ETD File' Denial of Service Vulnerability (Windows)
- Adobe Reader '.ETD File' Denial of Service Vulnerability (Mac OS X)
- CA ARCserve Backup RPC Services Multiple Vulnerabilities (Windows)