httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: half-OT: heartbleed CVE-2014-0160
Date Wed, 09 Apr 2014 16:05:17 GMT


Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
> Combined with typical ssl session shmcb ... That single process still has session keys
of other prefork processes,
> as well as the common ssl session ticket key and ssl cert keys.  In practice the benefits
of prefork are somewhat
> limited to casual attacks.

that's clear and anything related to SSL/TLS (certificates, keys)
needs to be changed, the original question was about user-payload
like passwords submitted via POST on the neighbour worker




Mime
View raw message