>Number: 1609 >Category: general >Synopsis: Apache DoS attack, creates a high load on the apache server. >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Dec 30 15:30:00 PST 1997 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.x all >Environment: Linux jinx 2.0.33 #1 Tue Dec 23 14:57:11 EST 1997 i686 unknown Reading specs from /usr/lib/gcc-lib/i586-unknown-linux-gnulibc1/2.7.2.3/specs gcc version 2.7.2.3 >Description: Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4). When launched, causes incerases of victim's load average and extreme slowdowns of disk operations. On my i586 Linux annoying slowdown has been experienced immediately (after maybe 5 seconds). After about 4 minutes work has been turned into real hell (286?).
Take a look at BUGTRAQ http://www.geek-girl.com/bugtraq/1997_4/0563.html >How-To-Repeat: Yes, I have been able to repeat the problem on my machines. >Fix: Non >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
