httpd-dev mailing list archives

From Daniel Kahn Gillmor <...@fifthhorseman.net>
Subject CVE requested for mod-fcgid 2.3.6 (possible DoS vulnerability)
Date Thu, 15 Mar 2012 19:45:49 GMT
Hi Apache folks--

Just a heads-up to let you know that i've requested a CVE for 
mod_fcgid's 2.3.6 (the current release) due to possible DoS based on the 
module not respecting administrator-configured limits:

  http://www.openwall.com/lists/oss-security/2012/03/15/10

The issue is fixed in r1037727, but apparently not yet released.

The issue is also in the bugtracker as:

  https://issues.apache.org/bugzilla/show_bug.cgi?id=49902

Thanks for your work on apache!

Regards,

     --dkg

PS please keep me in the CC if there's more discussion; i've subscribed 
to http-dev to give this heads-up, but can't cope with yet another 
e-mail firehose for the long term. :/
