git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
CVE-2009-1890
author Jeff Trawick <trawick@apache.org>
Thu, 2 Jul 2009 17:22:54 +0000 (17:22 +0000)
committer Jeff Trawick <trawick@apache.org>
Thu, 2 Jul 2009 17:22:54 +0000 (17:22 +0000)
(tests out okay on 2.2.x with Joe's new testcase, but I'll try to look at it
a little more before voting)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@790690 13f79535-47bb-0310-9956-ffa450edef68

STATUS

diff --git a/STATUS b/STATUS
index 5c13f6f5f7df948ec67303d0800bed96a60c8b1d..b801d192177a8f3025b7cd5cc58cc0a0ddaff01d 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -82,6 +82,14 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
+ * SECURITY: CVE-2009-1890 (cve.mitre.org)
+   Fix a potential Denial-of-Service attack against mod_proxy in a
+   reverse proxy configuration, where a remote attacker can force a
+   proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
+   Trunk version of patch works: 
+       http://svn.apache.org/viewvc?view=rev&revision=790587
+   +1: 
+
  * additional (mod_perl test suite) OPT_INCLUDES compatibility
    trunk: N/A
    2.2.x patch: http://people.apache.org/~trawick/mod_perl_more_compat.txt
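
Review bot: In the new CVE-2009-1890 entry, the lines `Trunk version of patch works:` and `+1:` do not follow the `trunk:` / `2.2.x patch:` field layout of the entry directly below it, so a voter has to infer which revision is being proposed for 2.2.x. Suggest labelling the link as `trunk: http://svn.apache.org/viewvc?view=rev&revision=790587` and stating on a separate `2.2.x patch:` line that the trunk version applies. Both `Trunk version of patch works: ` and `+1: ` end in trailing whitespace, which is worth trimming. The `+1:` list is empty, and the commit message says the change tested okay on 2.2.x with the new testcase; recording that test result in the entry would help the next voter.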