CVE - CVE-2009-1890

CVE-ID
CVE-2009-1890	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1022509 URL:http://www.securitytracker.com/id?1022509 MISC:20091112 rPSA-2009-0142-1 httpd mod_ssl URL:http://www.securityfocus.com/archive/1/507852/100/0/threaded MISC:20091113 rPSA-2009-0142-2 httpd mod_ssl URL:http://www.securityfocus.com/archive/1/507857/100/0/threaded MISC:35565 URL:http://www.securityfocus.com/bid/35565 MISC:35691 URL:http://secunia.com/advisories/35691 MISC:35721 URL:http://secunia.com/advisories/35721 MISC:35793 URL:http://secunia.com/advisories/35793 MISC:35865 URL:http://secunia.com/advisories/35865 MISC:37152 URL:http://secunia.com/advisories/37152 MISC:37221 URL:http://secunia.com/advisories/37221 MISC:55553 URL:~~http://osvdb.org/55553~~ (Obsolete source) MISC:ADV-2009-3184 URL:~~http://www.vupen.com/english/advisories/2009/3184~~ (Obsolete source) MISC:APPLE-SA-2009-11-09-1 URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html MISC:DSA-1834 URL:http://www.debian.org/security/2009/dsa-1834 MISC:FEDORA-2009-8812 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html MISC:GLSA-200907-04 URL:http://security.gentoo.org/glsa/glsa-200907-04.xml MISC:HPSBUX02612 URL:http://marc.info/?l=bugtraq&m=129190899612998&w=2 MISC:MDVSA-2009:149 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:149~~ (Obsolete source) MISC:MDVSA-2013:150 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:150~~ (Obsolete source) MISC:PK91259 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259 MISC:PK99480 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480 MISC:RHSA-2009:1148 URL:https://rhn.redhat.com/errata/RHSA-2009-1148.html MISC:RHSA-2009:1156 URL:http://www.redhat.com/support/errata/RHSA-2009-1156.html MISC:SSRT100345 URL:http://marc.info/?l=bugtraq&m=129190899612998&w=2 MISC:SUSE-SA:2009:050 URL:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html MISC:USN-802-1 URL:http://www.ubuntu.com/usn/USN-802-1 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E MISC:[mina-users] 20210714 CWE-189 CWE-189 Numeric Errors: CVE-2009-1890 in Apache Mina SSHD SFTP 2.7.0 library URL:https://lists.apache.org/thread.html/rb33be0aa9bd8cac9536293e3821dcd4cf8180ad95a8036eedd46365e%40%3Cusers.mina.apache.org%3E MISC:http://support.apple.com/kb/HT3937 URL:http://support.apple.com/kb/HT3937 MISC:http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587 URL:http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587 MISC:http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?revision=790587 URL:http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?revision=790587 MISC:http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587 URL:http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587 MISC:http://svn.apache.org/viewvc?view=rev&revision=790587 URL:http://svn.apache.org/viewvc?view=rev&revision=790587 MISC:http://wiki.rpath.com/Advisories:rPSA-2009-0142 URL:http://wiki.rpath.com/Advisories:rPSA-2009-0142 MISC:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html URL:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html MISC:oval:org.mitre.oval:def:12330 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12330 MISC:oval:org.mitre.oval:def:8616 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8616 MISC:oval:org.mitre.oval:def:9403 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403
Assigning CNA
Red Hat, Inc.
Date Record Created
20090602	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090602)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.