First published: Tue Jul 14 2009

The Apache HTTP Server is a popular Web server.

A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. (CVE-2009-1890)

A flaw was found in the handling of the "Options" and "AllowOverride" directives used by the Apache HTTP Server. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195)

A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)

All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these updated packages, which contain backported patches to correct these issues.

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/httpd | <2.2.10-10.ep5.el5 | 2.2.10-10.ep5.el5 |
redhat/httpd-devel | <2.2.10-10.ep5.el5 | 2.2.10-10.ep5.el5 |
redhat/httpd-manual | <2.2.10-10.ep5.el5 | 2.2.10-10.ep5.el5 |
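
One way to check a package inventory against the fixed version in the table above. This is an added example, not part of the original advisory. The function names and the sample inventory are constructed for illustration, and the comparison is a simplified form of RPM's version ordering that assumes no epoch and no `~` or `^` in the version strings.

```python
import re

FIXED = "2.2.10-10.ep5.el5"  # fixed version-release from the table above
PACKAGES = ("httpd", "httpd-devel", "httpd-manual")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    # RPM compares runs of digits or letters; separators are ignored.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 2 < 10
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings (version first, then release)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(query_output):
    """Return {package: installed version-release} for packages older than FIXED."""
    stale = {}
    for line in query_output.splitlines():
        name, _, vr = line.strip().partition(" ")
        if name in PACKAGES and vr_cmp(vr, FIXED) < 0:
            stale[name] = vr
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
httpd 2.2.10-2.ep5.el5
httpd-devel 2.2.10-10.ep5.el5
httpd-manual 2.2.8-1.ep5.el5
mod_ssl 2.2.10-2.ep5.el5
"""

if __name__ == "__main__":
    for pkg, vr in needs_update(SAMPLE).items():
        print(f"{pkg} {vr} is older than {FIXED}: update, then restart httpd")
```

A plain string comparison would rank release `2.ep5.el5` above `10.ep5.el5` and miss the first package, which is why the segments are compared numerically.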