Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 6312 invoked from network); 30 Jun 2009 05:19:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 30 Jun 2009 05:19:38 -0000 Received: (qmail 67923 invoked by uid 500); 30 Jun 2009 05:19:47 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 67855 invoked by uid 500); 30 Jun 2009 05:19:47 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 67846 invoked by uid 99); 30 Jun 2009 05:19:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Jun 2009 05:19:47 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of toadie643@gmail.com designates 209.85.132.240 as permitted sender) Received: from [209.85.132.240] (HELO an-out-0708.google.com) (209.85.132.240) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Jun 2009 05:19:38 +0000 Received: by an-out-0708.google.com with SMTP id d40so1308579and.39 for ; Mon, 29 Jun 2009 22:19:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=KOKwl7neSBqpqHNGFeq1LsQisTdWHe/IOmFHteQh5ds=; b=Oq6xjiLgDHE1sWWzumh2xilZEitVGDODoZDtlLilpf4N4dzX1IeNwvYmE2X6zxk9qK FRNitGJmtlkmwOXAaALa4LccD2jhlyTzk5qErHWaNIoIs7lDmCOZTztyPgawGTzVg6Q8 XQP9FcqUFHgxEsn/l5oRa/oiZNogX6N9oBwpE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=SEsE2g3Vud0Cf9KfuOa7fRoNdtvSudvSGJ3D86bNJ4Yf2MynLEPg4Ny8LZ9Q/lxfJC xRegOS5hnWlfu//sQbBIXC/WZ4kTdTWgrmJh7xJl5A9xcq6F1EkABw9Q0shVWZrjBWtV SfIUjGqNI0SR1N5uuMwlwV93OTt+vNa3d5hgw= MIME-Version: 1.0 Received: by 10.100.123.12 with SMTP id v12mr10630823anc.21.1246339157476; Mon, 29 Jun 2009 22:19:17 -0700 (PDT) In-Reply-To: <1404e5910906292124p59d96567s7a56a8b8090025e2@mail.gmail.com> References: <53cb81ac0906292110o762b2c38t9714f8eaf6a9148a@mail.gmail.com> <1404e5910906292124p59d96567s7a56a8b8090025e2@mail.gmail.com> Date: Mon, 29 Jun 2009 22:19:17 -0700 Message-ID: <53cb81ac0906292219o11d75681k5c6c5c74ea0cba06@mail.gmail.com> Subject: Re: protocol for reporting bug that 'may' be considered exploit From: Toadie To: dev@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Thank you! Will file one shortly. On Mon, Jun 29, 2009 at 9:24 PM, Eric Covener wrote: > On Tue, Jun 30, 2009 at 12:10 AM, Toadie wrote: >> Hello, >> >> I think we may have discovered an issue with mod_proxy that 'could' be >> used as an exploit to render an Apache server useless. > > report via email to security@apache.org ( more detail at > http://www.apache.org/security/ ) > > > -- > Eric Covener > covener@gmail.com >