httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 54498] New: apache crash on any cgi request with certain http accept header
Date Mon, 28 Jan 2013 22:23:00 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54498

            Bug ID: 54498
           Summary: apache crash on any cgi request with certain http
                    accept header
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: franktraffic@gmail.com
    Classification: Unclassified

I have problem with regular crash my apache / whole server because of out of
memory. 

After investigating I found somebody sends requests to any .cgi script with
this header [HTTP_ACCEPT] => !!mUiX6BaBHCeqIoxmNSdGa/XC2O8YisRs3w03aglTIw0A
I have only certain group of scripts installed, but i think it will crash with
any script. 

As a result it generates thousand httpd proccesses and it eat all resourses.
In log 
212.117.160.93 - - [08/Jan/2013:17:41:19 -0600] GET /cgi-bin/a2/out.cgi
HTTP/1.1 "200" 56695613 "http://cut.../cgi-b
in/a2/out.cgi" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"

This is 56695613 answer size. It looks like while it return this answer all
scripts are locked and because new requests are incoming - in couple of minutes
there are accumulated thousand httpd proccesses.

I verified and simulated it - it crashes apache every time when I send this
headers. It works on Freebsd server. I tried send this request to other OS - it
doesnt crash. 
Before I found this problem I tried reinstall OS from freebsd 8 to freebsd 9. I
also tried all versions of Apache, including last one, and all mysql, php,
nginx.

Could you fix this please. This person changes ip and I need catch his ip and
add to blacklist. But time of time my server crashes.

Thanks

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message