Launchpad.net

CVE 2009-1891

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

Related bugs and status

CVE-2009-1891 (Candidate) is related to these bugs:

Bug #205996: ServerTokens Full in apache2.conf (security risk?)

Summary				In	Importance	Status
	205996	ServerTokens Full in apache2.conf (security risk?)		apache2 (Ubuntu)	Wishlist	Fix Released

Bug #255124: apache's default logging format can be horribly inaccurate in terms of data transferred

Summary				In	Importance	Status
	255124	apache's default logging format can be horribly inaccurate in terms of data transferred		apache2 (Ubuntu)	Low	Fix Released

Bug #398130: Please merge apache2 2.2.11-7(main) from debian unstable(main)

Summary				In	Importance	Status
	398130	Please merge apache2 2.2.11-7(main) from debian unstable(main)		apache2 (Ubuntu)	Undecided	Fix Released

Bug #409987: apache2 segfault using mod_deflate

Summary				In	Importance	Status
	409987	apache2 segfault using mod_deflate		apache2 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1891

Related bugs and status

Related bugs

References