Nick Kew wrote: > [email protected] wrote: > >> Changes with Apache 2.3.3 >> >> + *) SECURITY: CVE-2009-1890 (cve.mitre.org) + Fix a potential >> Denial-of-Service attack against mod_proxy in a >> + reverse proxy configuration, where a remote attacker can force a >> + proxy process to consume CPU time indefinitely. [Nick Kew, Joe >> Orton] > > I thought in this instance, the original reporter's diagnostic > work contributed more to the patch than we did. I think he > should be credited in the changelog here.
+1, and absolutely first credit, he nailed the bug on nose :)
