Bug 20760 - CVE-2009-1891 Apache (mod_deflate) Denial of Service Vulnerability
Summary: CVE-2009-1891 Apache (mod_deflate) Denial of Service Vulnerability
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: apache2 (show other bugs)
Version: unstable
Hardware: all Linux
: P3 major
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: http://bugs.debian.org/cgi-bin/bugrep...
Keywords: security
Depends on: 20916
Blocks:
  Show dependency tree
 
Reported: 2009-07-13 08:46 MSD by Vladimir Lettiev
Modified: 2009-07-31 10:58 MSD (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-07-13 08:46:20 MSD 
There is a bug in mod_deflate that can lead to a DOS with a very small
network traffic.

The problem is the following : when downloading a file with mod_deflate
enabled and aborting the connexion before the end, mod_deflate will take
100% of a CPU and finish to compress the file for nothing.

Problem fixed in svn: http://svn.apache.org/viewvc?view=rev&revision=791454
Comment 1 Dmitry V. Levin 2009-07-24 02:32:42 MSD 
*ping*
Comment 2 solo 2009-07-24 12:04:09 MSD 
В работе.
Comment 3 solo 2009-07-31 10:58:04 MSD 
Закрыта апстримом в apache 2.2.12