On Tuesday 13 March 2012, Patrick Matthäi wrote:
> If the regular expression is wrong, okay, but what is about e.g.
> the RedirectLimit? This also could cause server problems with
> crafted configurations, but there is internal apache limit
> available.
You mean LimitInternalRecursion? That is to
Am 13.03.2012 20:15, schrieb Stefan Fritsch:
>> RewriteEngine on
>> RewriteBase /
>> RewriteRule ^(.*)\xC3\x84(.*)$ $1Ä$2 [N,E=utf8_fixed:1]
>
> The problem is not the special character but that this regular
> expression has quadratic complexity in the string length. Using (.*?)
> instead of (.*
severity 663723 wishlist
tags 663723 -security
retitle 663723 apache2 does not prevent DoS through .htaccess files
thanks
On Tuesday 13 March 2012, Patrick Matthäi wrote:
> I noticed on a customers server, that apache periodical crashes the
> whole system by using the whole available memory until
Package: apache2
Version: 2.2.16-6+squeeze6
Severity: serious
Tags: security
Hello,
I noticed on a customers server, that apache periodical crashes the
whole system by using the whole available memory until it swaps away.
I have found out that this is caused by a crafted .htaccess where germa
4 matches
Mail list logo
