The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server prior to 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote malicious users to cause a denial of service (CPU consumption) via crafted requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
fedoraproject fedora 11 |
||
debian debian linux 5.0 |
||
debian debian linux 4.0 |
||
debian debian linux 6.0 |
||
canonical ubuntu linux 9.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 6.06 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux server aus 5.3 |
||
redhat enterprise linux eus 5.3 |