httpd-dev mailing list archives

From Reindl Harald <h.rei...@thelounge.net>
Subject Re: heartbleed & httpd config leakage
Date Sat, 12 Apr 2014 18:27:12 GMT


On 12.04.2014 20:21, mi2 co2 wrote:
> Hi - I have a question regarding heartbleed and httpd configuration data leakage. It was suggested that I ask this
> on the dev list as well.
>
> Should someone have been exploiting this bug, would it be possible that httpd configuration data, derived via httpd
> config files and in apache's memory, could have been leaked out through these openssl malloc calls? Or is the memory
> space those malloc calls for the openssl encryption/decryption layer isolated from the memory where httpd
> configuration is stored?

http://xkcd.com/1354/

it affects the memory of httpd, in doubt any random memory of httpd
whatever critical / sensible data may be accessed by httpd has to
be considered no longer to be private

anything else is talking about how likely possible something is
there is no proof possible - negative or positive

