https://issues.apache.org/bugzilla/show_bug.cgi?id=54498
Bug ID: 54498
Summary: apache crash on any cgi request with certain http
accept header
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: [email protected]
Reporter: [email protected]
Classification: Unclassified
I have problem with regular crash my apache / whole server because of out of
memory.
After investigating I found somebody sends requests to any .cgi script with
this header [HTTP_ACCEPT] => !!mUiX6BaBHCeqIoxmNSdGa/XC2O8YisRs3w03aglTIw0A
I have only certain group of scripts installed, but i think it will crash with
any script.
As a result it generates thousand httpd proccesses and it eat all resourses.
In log
212.117.160.93 - - [08/Jan/2013:17:41:19 -0600] GET /cgi-bin/a2/out.cgi
HTTP/1.1 "200" 56695613 "http://cut.../cgi-b
in/a2/out.cgi" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"
This is 56695613 answer size. It looks like while it return this answer all
scripts are locked and because new requests are incoming - in couple of minutes
there are accumulated thousand httpd proccesses.
I verified and simulated it - it crashes apache every time when I send this
headers. It works on Freebsd server. I tried send this request to other OS - it
doesnt crash.
Before I found this problem I tried reinstall OS from freebsd 8 to freebsd 9. I
also tried all versions of Apache, including last one, and all mysql, php,
nginx.
Could you fix this please. This person changes ip and I need catch his ip and
add to blacklist. But time of time my server crashes.
Thanks
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
