* Kjetil Kjernsmo:
If I have a PerlRun script, e.g., http://localhost/test/script, and
call it using a URL with special symbols like '(' in path_info,
PerlRun fails with server error. For example, calling
http://localhost/test/script/(
produces this error:
[Thu Mar 22 10:24:57 2007]
On Friday 30 March 2007 09:44, Florian Weimer wrote:
On the other hand, computing and matching regular expressions can be
fairly expensive (exponential complexity and things like that).
Usually, such bugs are hard to exploit unless you control both regexp
and matched string.
Yup. It is
On the mod_perl list it has been considered a DOS attack, and not an
exploit.
It's also only in Apache::PerlRun - so doesn't affect users using the more
popular Apache::Registry (was fixed mid-2000). Nor does it affect users
using pure-handlers.
I'd also point out that the release also
Package: apache2
Version: 2.2.3-3.3
Followup-For: Bug #415775
I would like to say that it seems that the content of
/etc/apache2/conf.d
is for generic snippets of statements
and the content of /etc/apache2/conf.d/charset is
for the mime module.
It could be put in a new file called
FYI: The status of the apache2 source package
in Debian's testing distribution has changed.
Previous version: 2.2.3-3.3
Current version: 2.2.3-4
--
This email is automatically generated; [EMAIL PROTECTED] is responsible.
See http://people.debian.org/~henning/trille/ for more information.
Hi all,
I noticed than a new version of Apache -- 2.0.55-4.1 -- was uploaded
last August, which fixes some security issues. However, the latest
version I can find for Stable is 2.0.54-5sarge1
(http://packages.debian.org/stable/web/apache2), which doesn't (seem to)
contain these fixes.
Can
6 matches
Mail list logo