Bug 20674

Summary: Apache mod_proxy Reverse Proxy Denial of Service Vulnerability
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: apache2Assignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: major    
Priority: P3 CC: ldv, rider
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://secunia.com/advisories/35691/
Bug Depends on: 20916    
Bug Blocks:    

Description Vladimir Lettiev 2009-07-03 15:33:03 MSD 
A vulnerability has been reported in the Apache mod_proxy module, which can be exploited by malicious people to potentially cause a DoS (Denial of Service).

An error exists in the mod_proxy module when functioning in reverse proxy mode. This can be exploited to consume large amounts of CPU in an affected proxy process via specially crafted proxy requests.

Fixed in svn: http://svn.apache.org/viewvc?view=rev&revision=790587
Comment 1 Dmitry V. Levin 2009-07-24 02:32:26 MSD 
*ping*
Comment 2 solo 2009-07-24 12:04:14 MSD 
В работе.
Comment 3 solo 2009-07-24 22:14:14 MSD 
Правильно понимаю, что это CVE-2009-1890 (см. http://secunia.com/advisories/cve_reference/CVE-2009-1890/)?
Comment 4 solo 2009-07-31 10:57:49 MSD 
Закрыта апстримом в apache 2.2.12