Return-Path: Delivered-To: apache-bugdb-archive@hyperreal.org Received: (qmail 2157 invoked by uid 6000); 9 Nov 1998 07:04:14 -0000 Received: (qmail 2140 invoked by uid 149); 9 Nov 1998 07:04:13 -0000 Date: 9 Nov 1998 07:04:13 -0000 Message-ID: <19981109070413.2139.qmail@hyperreal.org> To: apache-bugdb@apache.org, marc@apache.org, sniffen@goodnet.com From: marc@apache.org Subject: Re: mod_include/3323: Dos style attack with the usage of SSI's include virtual directive Sender: apache-bugdb-owner@apache.org Precedence: bulk [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ] Synopsis: Dos style attack with the usage of SSI's include virtual directive State-Changed-From-To: feedback-closed State-Changed-By: marc State-Changed-When: Sun Nov 8 23:04:12 PST 1998 State-Changed-Why: A fix to prevent this, plus other infinite recursive includes, has been committed and will be available in 1.3.4.