Package: apache2
Version: 2.2.16-6+squeeze6
Severity: serious
Tags: security
Hello,
I noticed on a customers server, that apache periodical crashes the
whole system by using the whole available memory until it swaps away.
I have found out that this is caused by a crafted .htaccess where
severity 663723 wishlist
tags 663723 -security
retitle 663723 apache2 does not prevent DoS through .htaccess files
thanks
On Tuesday 13 March 2012, Patrick Matthäi wrote:
I noticed on a customers server, that apache periodical crashes the
whole system by using the whole available memory until
Processing commands for cont...@bugs.debian.org:
severity 663723 wishlist
Bug #663723 [apache2] Critical memory leak with mod_rewrite in apache2 using
german umlauts
Severity set to 'wishlist' from 'serious'
tags 663723 -security
Bug #663723 [apache2] Critical memory leak with mod_rewrite in
Am 13.03.2012 20:15, schrieb Stefan Fritsch:
RewriteEngine on
RewriteBase /
RewriteRule ^(.*)\xC3\x84(.*)$ $1Ä$2 [N,E=utf8_fixed:1]
The problem is not the special character but that this regular
expression has quadratic complexity in the string length. Using (.*?)
instead of (.*)
On Tuesday 13 March 2012, Patrick Matthäi wrote:
If the regular expression is wrong, okay, but what is about e.g.
the RedirectLimit? This also could cause server problems with
crafted configurations, but there is internal apache limit
available.
You mean LimitInternalRecursion? That is to
5 matches
Mail list logo
