httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kahn Gillmor <>
Subject CVE requested for mod-fcgid 2.3.6 (possible DoS vulnerability)
Date Thu, 15 Mar 2012 19:45:49 GMT
Hi Apache folks--

Just a heads-up to let you know that i've requested a CVE for 
mod_fcgid's 2.3.6 (the current release) due to possible DoS based on the 
module not respecting administrator-configured limits:

The issue is fixed in r1037727, but apparently not yet released.

The issue is also in the bugtracker as:

Thanks for your work on apache!



PS please keep me in the CC if there's more discussion; i've subscribed 
to http-dev to give this heads-up, but can't cope with yet another 
e-mail firehose for the long term. :/

View raw message