CVE-2009-1890

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.3.3

Description: The issue is related to the stream reqbody cl function in the mod proxy module, which does not properly handle streamed data that exceeds the Content-Length value when a reverse proxy is configured. This allows remote attackers to cause a denial of service by consuming CPU time via crafted requests.

Recommendations: For versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mod proxy module when it is used as a reverse proxy until a patch is available.