CVE-2009-1890
apache2 apache2-mpm-itk - denial of service
EPSS 37.9%
Description
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
How to fix CVE-2009-1890
To remediate CVE-2009-1890, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.11-7 or later
- Debian/apache2—upgrade to 2.2.3-4+etch9 or later
Is CVE-2009-1890 being exploited?
Moderate — EPSS is 37.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.2.11-7
- from 0, < 2.2.3-4+etch9