Bug 20674 - Apache mod_proxy Reverse Proxy Denial of Service Vulnerability
Summary: Apache mod_proxy Reverse Proxy Denial of Service Vulnerability
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: apache2 (show other bugs)
Version: unstable
Hardware: all Linux
: P3 major
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/35691/
Keywords: security
Depends on: 20916
Blocks:
  Show dependency tree
 
Reported: 2009-07-03 15:33 MSD by Vladimir Lettiev
Modified: 2009-07-31 10:57 MSD (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-07-03 15:33:03 MSD 
A vulnerability has been reported in the Apache mod_proxy module, which can be exploited by malicious people to potentially cause a DoS (Denial of Service).

An error exists in the mod_proxy module when functioning in reverse proxy mode. This can be exploited to consume large amounts of CPU in an affected proxy process via specially crafted proxy requests.

Fixed in svn: http://svn.apache.org/viewvc?view=rev&revision=790587
Comment 1 Dmitry V. Levin 2009-07-24 02:32:26 MSD 
*ping*
Comment 2 solo 2009-07-24 12:04:14 MSD 
В работе.
Comment 3 solo 2009-07-24 22:14:14 MSD 
Правильно понимаю, что это CVE-2009-1890 (см. http://secunia.com/advisories/cve_reference/CVE-2009-1890/)?
Comment 4 solo 2009-07-31 10:57:49 MSD 
Закрыта апстримом в apache 2.2.12