https://issues.apache.org/bugzilla/show_bug.cgi?id=44880
Jean François LECLERC <[EMAIL PROTECTED]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jean-
| |[EMAIL PROTECTED]
Status|NEEDINFO |ASSIGNED
--- Comment #2 from Jean François LECLERC <[EMAIL PROTECTED]> 2008-04-26
05:39:36 PST ---
I don't have more information. Only I know, http://127.0.0.1/?\x0A (it's a
"\n") cause a DoS (processor at 100% and RAM increased).
Maybe there's a link with access.log and particulary ap_log_rerror function,
because use a "?" character in the url prevents to use this function (translate
url to unicode character before written event in access.log). so when I try
hexa characters in url (cause the DoS) and I try a new url with a ? and more,
for example : http://127.0.0.1/?<?%20echo%20"bonjour";%20?> no event is written
in access.log during the DoS, when it's stopped, the events will be written
again.
With http server apache 2.2, Apache add a "\" before \x0A, the result becomes
\\x0A in access.log and don't cause many problem
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
