On Sat, 22 Jun 2013 10:09:35 -0400
Jeff Trawick traw...@gmail.com wrote:
On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr.
wr...@rowe-clan.netwrote:
On Fri, 21 Jun 2013 13:19:36 -0400
Jeff Trawick traw...@gmail.com wrote:
Even with the CVE-2011-3607 it is still possible to DOS the
On Mon, 24 Jun 2013 10:47:17 -0500
William A. Rowe Jr. wr...@rowe-clan.net wrote:
On Sat, 22 Jun 2013 10:09:35 -0400
Jeff Trawick traw...@gmail.com wrote:
On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr.
wr...@rowe-clan.netwrote:
On Fri, 21 Jun 2013 13:19:36 -0400
Jeff
On Monday, June 24, 2013, William A. Rowe Jr. wrote:
On Mon, 24 Jun 2013 10:47:17 -0500
William A. Rowe Jr. wr...@rowe-clan.net javascript:; wrote:
On Sat, 22 Jun 2013 10:09:35 -0400
Jeff Trawick traw...@gmail.com javascript:; wrote:
On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe
On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr. wr...@rowe-clan.netwrote:
On Fri, 21 Jun 2013 13:19:36 -0400
Jeff Trawick traw...@gmail.com wrote:
Even with the CVE-2011-3607 it is still possible to DOS the server by
consuming huge amounts of memory with mod_setenvif using a specially
Even with the CVE-2011-3607 it is still possible to DOS the server by
consuming huge amounts of memory with mod_setenvif using a specially
crafted configuration.
Here's a backport of an existing fix in 2.4.x which resolves the issue I
reproduced. Note that unlike in 2.4.x we need ap_pregsub to
On Fri, 21 Jun 2013 13:19:36 -0400
Jeff Trawick traw...@gmail.com wrote:
Even with the CVE-2011-3607 it is still possible to DOS the server by
consuming huge amounts of memory with mod_setenvif using a specially
crafted configuration.
Here's a backport of an existing fix in 2.4.x which