raboof commented on PR #11:
URL: https://github.com/apache/httpd-site/pull/11#issuecomment-1798887129
Thanks for the feedback, that makes it nicer indeed ;)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL
Humbedooh commented on PR #11:
URL: https://github.com/apache/httpd-site/pull/11#issuecomment-1785709103
short of a few optimizations with f-strings and a .get, this looks fine (no
real need to optimize this, just nitpicking)
+1
raboof opened a new pull request, #11:
URL: https://github.com/apache/httpd-site/pull/11
Right now the range start, if given, was ignored. The new logic formats the
range mostly similar to
https://www.cve.org/CVERecord?id=CVE-2023-43622
rpluem commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759742159
It also needs to be considered that Ubuntu 22.04 which was used for the test
uses httpd 2.4.52 and nghttp2 1.43 (+ whatever patches they have added). Maybe
these older versions are still
icing commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759749454
> It also needs to be considered that Ubuntu 22.04 which was used for the
test uses httpd 2.4.52 and nghttp2 1.43 (+ whatever patches they have added).
Maybe these older versions are still
icing commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759730884
> I'm not sure that I'd suggest that
[CVE-2023-44487](https://github.com/advisories/GHSA-qppj-fm5r-hxr3) doesn't
have an impact on Apache. Using a simple python-based PoC exploit from a
wdormann commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759629482
I'm not sure that I'd suggest that CVE-2023-44487 doesn't have an impact on
Apache.
Using a simple python-based PoC exploit from a **single** attacking host
with fast bandwidth
wdormann commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759858696
OK, so in testing Apache 2.4.57 (with the same nghttp2) I can no longer
reproduce the OOM condition.
I suggest rather than using `Apache HTTP Server is not impacted`, perhaps
`As of
wdormann commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759932314
You seem to have replied to a message that I had deleted, due to a failure
in my test by way of not properly enabling the http2 protocol.
Even with Apache 2.4.57, combined with the
rpluem commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759822171
Let's wait if the attacking script can be provided. If it does not
trigger with our latest release I guess we are fine in general. Of course it
would be interesting to know then since
icing commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759885476
> OK, so in testing Apache 2.4.57 (with the same nghttp2) I can no longer
reproduce the OOM condition. I suggest rather than using `Apache HTTP Server is
not impacted`, perhaps `As of
icing commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759942082
@wdormann in that case, it would be helpful to get access to your test
script. If you want to keep that confidential, please contact us at our
security mailing list.
wdormann commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759955185
Once I get the OK to share, I will do so. Presumably via the mailing list.
wdormann commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1760112667
I've shared the PoC with the security list.
raboof opened a new pull request, #10:
URL: https://github.com/apache/httpd-site/pull/10
We're getting questions about the impact of CVE-2023-44487 on Apache HTTP
Server. While there's some information available
(https://chaos.social/@icing/111212195435976222,
iamamoose closed pull request #10: Document non-impact of CVE-2023-44487
URL: https://github.com/apache/httpd-site/pull/10
DanielRuf commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1775084162
Any updates regarding this?
iamamoose commented on PR #10:
URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1775143513
> Any updates regarding this?
Hi, see
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
RedYetiDev opened a new pull request, #12:
URL: https://github.com/apache/httpd-site/pull/12
This PR redoes the template used in httpd. It replaces the older layout with
a modernized one.
## Main Changes
- [UI] Sidebar and Content are both scrollable individually
- [UI] The
RedYetiDev closed pull request #12: Modernize HTTPD website
URL: https://github.com/apache/httpd-site/pull/12