httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@apache.org>
Subject Re: [Result] [Vote] .htaccess logic abuse
Date Wed, 21 Dec 2011 15:09:01 GMT
On Tue, Dec 20, 2011 at 03:25:09AM -0600, William Rowe wrote:
> On 11/18/2011 4:38 PM, William A. Rowe Jr. wrote:
> > After several prods, it seems the security@ and hackathon participants
> > can't be drawn out of their shells on to dev@.  So I'll simply call for
> > a majority vote on the following statement...
> > 
> > Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth;
> > 
> >   [ ]  Is not a security defect
> 
> Carries with Issac, Joe, RĂ¼diger, Reindl, Eric, Stefan and myself in support,
> and Graham and Noel opposed. (6 x +1/1 x -1)

Thanks Bill - that consensus means that we do not consider CVE-2011-4415 
to be a security vulnerability in httpd.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4415

Regards, Joe

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message