httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: svn commit: r790587 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_http.c
Date Sat, 04 Jul 2009 22:23:46 GMT
jorton@apache.org wrote:

>  Changes with Apache 2.3.3
>  
> +  *) SECURITY: CVE-2009-1890 (cve.mitre.org) 
> +     Fix a potential Denial-of-Service attack against mod_proxy in a
> +     reverse proxy configuration, where a remote attacker can force a
> +     proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]

I thought in this instance, the original reporter's diagnostic
work contributed more to the patch than we did.  I think he
should be credited in the changelog here.

-- 
Nick Kew

Mime
View raw message