CVE-2009-1891 - Vulnerability Details

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Http Server
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Redhat	Certificate System Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Workstation Jboss Enterprise Web Server

Configuration 1 [-]

OR	cpe:2.3:a:apache:http_server::::::::
	cpe:2.3:a:apache:http_server::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:5.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

Package	CPE	Advisory	Released Date
JBEWS 1.0 for RHEL 4
httpd22-0:2.2.10-23.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2009:1160	2009-07-17T00:00:00Z
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
Red Hat Enterprise Linux 3
httpd-0:2.0.46-75.ent	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:1205	2009-08-10T00:00:00Z
Red Hat Enterprise Linux 4
httpd-0:2.0.52-41.ent.6	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1580	2009-11-11T00:00:00Z
Red Hat Enterprise Linux 5
httpd-0:2.2.3-22.el5_3.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1148	2009-07-09T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
httpd-0:2.2.10-10.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2009:1155	2009-07-14T00:00:00Z

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://osvdb.org/55782
http://secunia.com/advisories/35721
http://secunia.com/advisories/35781
http://secunia.com/advisories/35793
http://secunia.com/advisories/35865
http://secunia.com/advisories/37152
http://secunia.com/advisories/37221
http://security.gentoo.org/glsa/glsa-200907-04.xml
http://support.apple.com/kb/HT3937
http://wiki.rpath.com/Advisories:rPSA-2009-0142
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480
http://www.debian.org/security/2009/dsa-1834
http://www.mandriva.com/security/advisories?name=MDVSA-2009:149
http://www.redhat.com/support/errata/RHSA-2009-1156.html
http://www.securityfocus.com/archive/1/507857/100/0/threaded
http://www.securitytracker.com/id?1022529
http://www.ubuntu.com/usn/USN-802-1
http://www.vupen.com/english/advisories/2009/1841
http://www.vupen.com/english/advisories/2009/3184
https://bugzilla.redhat.com/show_bug.cgi?id=509125
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2009-1891
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248
https://rhn.redhat.com/errata/RHSA-2009-1148.html
https://www.cve.org/CVERecord?id=CVE-2009-1891
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-07-10T15:00:00

Updated: 2024-08-07T05:27:54.767Z

Reserved: 2009-06-02T00:00:00

Link: CVE-2009-1891

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-07-10T15:30:00.187

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1891

Redhat

Severity : Low

Publid Date: 2009-06-26T00:00:00Z

Links: CVE-2009-1891 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-06T10:09:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[apache-httpd-dev] 20090628 mod_deflate DoS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2"}, {"name": "FEDORA-2009-8812", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"}, {"name": "SUSE-SA:2009:050", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142"}, {"name": "35781", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35781"}, {"name": "PK99480", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480"}, {"name": "oval:org.mitre.oval:def:12361", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361"}, {"name": "MDVSA-2009:149", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149"}, {"name": "PK91361", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361"}, {"name": "SSRT090208", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "RHSA-2009:1156", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html"}, {"name": "35865", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35865"}, {"name": "ADV-2009-1841", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1841"}, {"name": "37152", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37152"}, {"name": "1022529", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022529"}, {"name": "[apache-httpd-dev] 20090703 Re: mod_deflate DoS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2"}, {"name": "DSA-1834", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1834"}, {"name": "20091113 rPSA-2009-0142-2 httpd mod_ssl", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:8632", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632"}, {"name": "HPSBUX02612", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"}, {"name": "GLSA-200907-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"}, {"name": "HPSBOV02683", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142"}, {"name": "RHSA-2009:1148", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html"}, {"name": "oval:org.mitre.oval:def:9248", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248"}, {"name": "USN-802-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-802-1"}, {"name": "37221", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37221"}, {"name": "ADV-2009-3184", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"name": "SSRT100345", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"name": "35793", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35793"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"}, {"name": "APPLE-SA-2009-11-09-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"name": "35721", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35721"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3937"}, {"name": "55782", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/55782"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:27:54.767Z"}, "title": "CVE Program Container", "references": [{"name": "[apache-httpd-dev] 20090628 mod_deflate DoS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2"}, {"name": "FEDORA-2009-8812", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"}, {"name": "SUSE-SA:2009:050", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142"}, {"name": "35781", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35781"}, {"name": "PK99480", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480"}, {"name": "oval:org.mitre.oval:def:12361", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361"}, {"name": "MDVSA-2009:149", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149"}, {"name": "PK91361", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361"}, {"name": "SSRT090208", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "RHSA-2009:1156", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html"}, {"name": "35865", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35865"}, {"name": "ADV-2009-1841", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1841"}, {"name": "37152", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37152"}, {"name": "1022529", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022529"}, {"name": "[apache-httpd-dev] 20090703 Re: mod_deflate DoS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2"}, {"name": "DSA-1834", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1834"}, {"name": "20091113 rPSA-2009-0142-2 httpd mod_ssl", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:8632", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632"}, {"name": "HPSBUX02612", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"}, {"name": "GLSA-200907-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"}, {"name": "HPSBOV02683", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142"}, {"name": "RHSA-2009:1148", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html"}, {"name": "oval:org.mitre.oval:def:9248", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248"}, {"name": "USN-802-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-802-1"}, {"name": "37221", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37221"}, {"name": "ADV-2009-3184", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"name": "SSRT100345", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"name": "35793", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35793"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"}, {"name": "APPLE-SA-2009-11-09-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"name": "35721", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35721"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3937"}, {"name": "55782", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/55782"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1891", "datePublished": "2009-07-10T15:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.767Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "838655CB-43E7-4BDA-A80C-2314C9870717", "versionEndExcluding": "2.0.64", "versionStartIncluding": "2.0.35", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BBBCFC4-2CFE-42A2-BE6F-2710EB3921A9", "versionEndExcluding": "2.2.12", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "941713DB-B1DE-4953-9A9C-174EAFDCB3E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)."}, {"lang": "es", "value": "El m\u00f3dulo mod_deflate en Apache httpd v2.2.11 y anteriores comprime archivos de gran tama\u00f1o hasta finalizar incluso despu\u00e9s de que la conexi\u00f3n de red asociada est\u00e1 cerrada, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU)."}], "id": "CVE-2009-1891", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-10T15:30:00.187", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://osvdb.org/55782"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35721"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35781"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35793"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35865"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/37152"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/37221"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://support.apple.com/kb/HT3937"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1834"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Patch"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022529"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-802-1"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1841"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://osvdb.org/55782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35721"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/35865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/37152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://secunia.com/advisories/37221"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.apple.com/kb/HT3937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Patch"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-802-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1160", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "httpd22-0:2.2.10-23.1.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-07-17T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "ant-0:1.6.5-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "avalon-logkit-0:1.2-2jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "axis-0:1.2.1-1jpp_3rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-jaf-0:1.0-2jpp_6rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-mail-0:1.1.1-2jpp_8rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "geronimo-specs-0:1.0-0.M4.1jpp_10rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "log4j-0:1.2.12-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "mx4j-1:3.0.1-1jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pcsc-lite-0:1.3.3-3.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-java-tools-0:7.3.0-10.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-manage-0:7.3.0-19.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-native-tools-0:7.3.0-6.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xerces-j2-0:2.7.1-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xml-commons-0:1.3.02-2jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2009:1205", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "httpd-0:2.0.46-75.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2009-08-10T00:00:00Z"}, {"advisory": "RHSA-2009:1580", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "httpd-0:2.0.52-41.ent.6", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-11-11T00:00:00Z"}, {"advisory": "RHSA-2009:1148", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "httpd-0:2.2.3-22.el5_3.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-07-09T00:00:00Z"}, {"advisory": "RHSA-2009:1155", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "httpd-0:2.2.10-10.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-07-14T00:00:00Z"}], "bugzilla": {"description": "httpd: possible temporary DoS (CPU consumption) in mod_deflate", "id": "509125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)."], "name": "CVE-2009-1891", "public_date": "2009-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-1891\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1891"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object