httpd-users mailing list archives

From William A Rowe Jr <>
Subject Re: [users@httpd] Buffer overrun in Apache 2.4.7-2.4.17
Date Wed, 16 Dec 2015 06:26:02 GMT
On Tue, Dec 15, 2015 at 2:34 PM, Mike Pastore <> wrote:

> Hi folks,
> I believe I've found a buffer overrun affecting (at least) Apache 2.4.7
> and 2.4.17. I don't know enough about this sort of thing to determine how
> serious it is and whether or not it is a potential security vulnerability.
> If someone would please work with me to validate my findings and help me
> handle it responsibly, I would greatly appreciate it.

The only maintained version is the 2.4.x branch, which corresponds to 2.4.18
right now, or 2.2.31. Anything older that is no longer vulnerable we treat
as non-sequitur, potentially a problem but not applicable to the shipping

We would love for you to reproduce and share at
to confirm or reject the suggested exploit, and we do appreciate responsible
