[email protected] wrote:
Changes with Apache 2.3.3+ *) SECURITY: CVE-2009-1890 (cve.mitre.org) + Fix a potential Denial-of-Service attack against mod_proxy in a+ reverse proxy configuration, where a remote attacker can force a + proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
I thought in this instance, the original reporter's diagnostic work contributed more to the patch than we did. I think he should be credited in the changelog here. -- Nick Kew
