httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 54498] New: apache crash on any cgi request with certain http accept header
Date Mon, 28 Jan 2013 22:23:00 GMT

            Bug ID: 54498
           Summary: apache crash on any cgi request with certain http
                    accept header
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
    Classification: Unclassified

I have problem with regular crash my apache / whole server because of out of

After investigating I found somebody sends requests to any .cgi script with
this header [HTTP_ACCEPT] => !!mUiX6BaBHCeqIoxmNSdGa/XC2O8YisRs3w03aglTIw0A
I have only certain group of scripts installed, but i think it will crash with
any script. 

As a result it generates thousand httpd proccesses and it eat all resourses.
In log - - [08/Jan/2013:17:41:19 -0600] GET /cgi-bin/a2/out.cgi
HTTP/1.1 "200" 56695613 "http://cut.../cgi-b
in/a2/out.cgi" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"

This is 56695613 answer size. It looks like while it return this answer all
scripts are locked and because new requests are incoming - in couple of minutes
there are accumulated thousand httpd proccesses.

I verified and simulated it - it crashes apache every time when I send this
headers. It works on Freebsd server. I tried send this request to other OS - it
doesnt crash. 
Before I found this problem I tried reinstall OS from freebsd 8 to freebsd 9. I
also tried all versions of Apache, including last one, and all mysql, php,

Could you fix this please. This person changes ip and I need catch his ip and
add to blacklist. But time of time my server crashes.


You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message