DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19753>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19753 Local exploit denial of service using DirectoryIndex in .htaccess Summary: Local exploit denial of service using DirectoryIndex in .htaccess Product: Apache httpd-2.0 Version: 2.0.45 Platform: PC URL: n/a OS/Version: FreeBSD Status: NEW Severity: Major Priority: Other Component: mod_dir AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] In a directory configured with AllowOverride All in httpd.conf, this one line in a .htaccess will cause (what i perceive to be) an infinite loop in a single httpd process (using 100% cpu): DirectoryIndex . Subsequent reloads will cause more processes to start using as much cpu as they can muster. My load starts going up and up and i imagine everything will start crashing eventually (if i don't take care of it by killing apache). I'm running FreeBSD 4.8-STABLE with apache-2.0.45 installed from ports. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
