This is CVE-2009-1891: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 Upstream patch: http://svn.apache.org/viewvc?view=rev&revision=791454