The stream_reqbody_cl function in mod_proxy_http.c in the...
High severity
Unreviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Feb 10, 2023
Description
Published by the National Vulnerability Database
Jul 5, 2009
Published to the GitHub Advisory Database
May 2, 2022
Last updated
Feb 10, 2023
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
References