Key information

CVE ID: CVE-2009-1891
Affected module: MOD_DEFLATE
Fix status: Fixes are available

Affected versions:
- IBM HTTP Server interim fix for PK91361
- WebSphere Application Server V7.0 Fix Pack 7 for multiple operating systems
- Java SDK 1.6 SR6 Cumulative Fix for WebSphere Application Server
- Additional fixes for later versions listed in the image

Problem description:
- IHS compression module continues compressing the response after the client hangs up, potentially exposing the server to a Denial-of-Service attack by forcing the server to consume CPU time compressing a large response after a client disconnects.

Local fix:
- Disable the optional mod_deflate module or disable deflate of potentially large content.

Problem summary:
- Attackers can force extra CPU usage by requesting large responses and then disconnecting, causing IHS to still compress the response.

Problem conclusion:
- Fix ported from Apache to detect client disconnect and abort the compression.

Temporary fix: Not specified in the screenshot.

APAR status: Closed as program error.

Document information:
- Document number: 3282945
- Software version: 6.1
- Modified date: 07 September 2022
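
The two local-fix options above, sketched as an httpd.conf fragment. This is an added example, not configuration from the APAR or from IBM; the module path, MIME types, file extensions and the /downloads location are assumptions to adapt to the actual server.

```apache
# Added example: values below are assumptions, not taken from the APAR.

# Exposed baseline: every response, whatever its size, passes through DEFLATE,
# so a large response keeps costing CPU on an unpatched server after the
# client has disconnected.
#   SetOutputFilter DEFLATE

# Option 1: disable the optional module by commenting out its LoadModule line
# (module path assumed to be the default).
#LoadModule deflate_module modules/mod_deflate.so

# Option 2: keep the module loaded but exclude potentially large content.
# The block is inert if the module is disabled under Option 1.
<IfModule mod_deflate.c>
    # Compress only selected text types instead of all output.
    AddOutputFilterByType DEFLATE text/html text/plain text/css

    # Skip compression for typical bulk downloads (illustrative extension
    # list; requires mod_setenvif).
    SetEnvIfNoCase Request_URI "\.(?:zip|gz|tgz|iso|pdf|mp4)$" no-gzip dont-vary

    # Exempt a whole location that serves large files (hypothetical path;
    # requires mod_env).
    <Location "/downloads">
        SetEnv no-gzip 1
    </Location>
</IfModule>
```

Option 2 only narrows the exposure, since a large text response is still compressed; restart the server after either change so the configuration is reloaded.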