https://bz.apache.org/bugzilla/show_bug.cgi?id=66599
--- Comment #7 from K <[email protected]> --- Hi there, So a shared hosting server where a client has access to write to their home folder to cause the httpd process to DOS all clients is allowed, or for example a website where a hacker uses a vulnerable script (think wordpress plugins , etc ) to add these rules, to then make a request to httpd to take the server down / DOS the server is not a considered a vulnerability in httpd, surly httpd should have some form of sanity in it to stop processing after so long (like the limitinternalrequests) in situations like this rather than spinning and OOM'ing the server. best regards K -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
