https://issues.apache.org/bugzilla/show_bug.cgi?id=44880
Summary: Program Apache 1.3.33 and before, for Windows systems,
does not properly ignore certain characters that are
received over a “?” in URL, which could allow remote
attackers to cause a denial of service.
Product: Apache httpd-1.3
Version: 1.3.33
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: mod_log_config
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Hello,
Maybe I discover vulnerability in apache server web. So, when I try to inject
some characters in url, Escape_log translate this in access.log except before
the injection begin by a “?”, for example: “http://host/?<?.......”.
But, next to the “?” if I try to pass some hexadecimal characters, like
\x0A the processor may be running at 100% and memory take over 1 Go. During
the problem, if I try again to inject some character behind a “?”, nothing
is written in access.log and nothing happens.
What's happens ?
Regards
Jean-François LECLERC
NB : Sorry for the second mail, but the first, I'm not logged in and I send
email from my messenger and not from the website.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
