Test ID:	1.3.6.1.4.1.25623.1.0.64423
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1834-1)
Summary:	The remote host is missing an update for the Debian 'apache2 apache2-mpm-itk' package(s) announced via the DSA-1834-1 advisory.;; This VT has been deprecated and merged into the VT 'deb_1834.nasl' (OID: 1.3.6.1.4.1.25623.1.0.64423).
Description:	Summary: The remote host is missing an update for the Debian 'apache2 apache2-mpm-itk' package(s) announced via the DSA-1834-1 advisory. This VT has been deprecated and merged into the VT 'deb_1834.nasl' (OID: 1.3.6.1.4.1.25623.1.0.64423). Vulnerability Insight: CVE-2009-1890 A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 'etch'. CVE-2009-1891 A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed. The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch9. For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny4. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.11-7. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated packages for the s390 and mipsel architectures are not included yet. They will be released as soon as they become available. Affected Software/OS: 'apache2 apache2-mpm-itk' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1890 1022509 http://www.securitytracker.com/id?1022509 20091112 rPSA-2009-0142-1 httpd mod_ssl http://www.securityfocus.com/archive/1/507852/100/0/threaded 20091113 rPSA-2009-0142-2 httpd mod_ssl http://www.securityfocus.com/archive/1/507857/100/0/threaded 35565 http://www.securityfocus.com/bid/35565 35691 http://secunia.com/advisories/35691 35721 http://secunia.com/advisories/35721 35793 http://secunia.com/advisories/35793 35865 http://secunia.com/advisories/35865 37152 http://secunia.com/advisories/37152 37221 http://secunia.com/advisories/37221 55553 http://osvdb.org/55553 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1834 http://www.debian.org/security/2009/dsa-1834 FEDORA-2009-8812 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html GLSA-200907-04 http://security.gentoo.org/glsa/glsa-200907-04.xml HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 MDVSA-2009:149 http://www.mandriva.com/security/advisories?name=MDVSA-2009:149 MDVSA-2013:150 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 PK91259 http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259 PK99480 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480 RHSA-2009:1148 https://rhn.redhat.com/errata/RHSA-2009-1148.html RHSA-2009:1156 http://www.redhat.com/support/errata/RHSA-2009-1156.html SSRT100345 SUSE-SA:2009:050 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html USN-802-1 http://www.ubuntu.com/usn/USN-802-1 [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E [mina-users] 20210714 CWE-189 CWE-189 Numeric Errors: CVE-2009-1890 in Apache Mina SSHD SFTP 2.7.0 library https://lists.apache.org/thread.html/rb33be0aa9bd8cac9536293e3821dcd4cf8180ad95a8036eedd46365e%40%3Cusers.mina.apache.org%3E http://support.apple.com/kb/HT3937 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?revision=790587 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=790587&r2=790586&pathrev=790587 http://svn.apache.org/viewvc?view=rev&revision=790587 http://wiki.rpath.com/Advisories:rPSA-2009-0142 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html oval:org.mitre.oval:def:12330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12330 oval:org.mitre.oval:def:8616 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8616 oval:org.mitre.oval:def:9403 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403 Common Vulnerability Exposure (CVE) ID: CVE-2009-1891 1022529 http://www.securitytracker.com/id?1022529 35781 http://secunia.com/advisories/35781 55782 http://osvdb.org/55782 ADV-2009-1841 http://www.vupen.com/english/advisories/2009/1841 HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 PK91361 http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361 SSRT090208 [apache-httpd-dev] 20090628 mod_deflate DoS http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2 [apache-httpd-dev] 20090703 Re: mod_deflate DoS http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2 [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142 https://bugzilla.redhat.com/show_bug.cgi?id=509125 oval:org.mitre.oval:def:12361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361 oval:org.mitre.oval:def:8632 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632 oval:org.mitre.oval:def:9248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.