httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pascal Junod (Mailing Lists)" <>
Subject [mod_auth_digest] zombie code
Date Tue, 26 Mar 2013 06:56:16 GMT
Dear Apache developpers,

You might want to clean a bit the code of


This blog post

explains why and how.

Essentially, it is possible to make httpd crash by awakening code
related to the MD5-sess digest authentication mechanism variant.

Latest versions 2.4.4 and 2.2.24 are vulnerable to this bug.



View raw message