www-apache-bugdb mailing list archives

From James Pike <jp...@net-link.net>
Subject general/1609: Apache DoS attack, creates a high load on the apache server.
Date Tue, 30 Dec 1997 23:24:50 GMT

>Number:         1609
>Category:       general
>Synopsis:       Apache DoS attack, creates a high load on the apache server.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Dec 30 15:30:00 PST 1997
>Last-Modified:
>Originator:     jpike@net-link.net
>Organization:
apache
>Release:        1.2.x all
>Environment:
Linux jinx 2.0.33 #1 Tue Dec 23 14:57:11 EST 1997 i686 unknown
Reading specs from /usr/lib/gcc-lib/i586-unknown-linux-gnulibc1/2.7.2.3/specs
gcc version 2.7.2.3
>Description:
Here's a simple exploit for Apache httpd version 1.2.x (tested on 1.2.4).
When launched, it causes increases in the victim's load average and extreme
slowdowns of disk operations. On my i586 Linux annoying slowdown has been
experienced immediately (after maybe 5 seconds). After about 4 minutes
work has been turned into real hell (286?).

Take a look at BUGTRAQ http://www.geek-girl.com/bugtraq/1997_4/0563.html
>How-To-Repeat:
Yes, I have been able to repeat the problem on my machines.
>Fix:
None
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]



