Package: apache2
Version: 2.2.16-6+squeeze6
Severity: serious
Tags: security

Hello,

I noticed on a customer's server that Apache periodically crashes the whole system by using the whole available memory until it swaps away.

I have found out that this is caused by a crafted .htaccess where German umlauts are handled in a wrong way.

I have tested it on:

* Lenny amd64 with apache2-prefork
* Lenny i386 with apache2-prefork
* Squeeze amd64 with apache2-prefork
* Squeeze i386 with apache2-prefork
* Lenny amd64 with apache2-worker
* Lenny i386 with apache2-worker
* Squeeze amd64 with apache2-worker
* Squeeze i386 with apache2-worker

It is reproduced easily on all systems (locale of all systems: de_DE.UTF-8).

Ways to reproduce:

# apt-get install apache2
# a2enmod rewrite

Put the following code into e.g. /var/www/.htaccess:

RewriteEngine on
RewriteBase /
RewriteRule ^(.*)\xC3\x84(.*)$ $1Ä$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\xC3\xA4(.*)$ $1ä$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\xC3\x96(.*)$ $1Ö$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\xC3\xB6(.*)$ $1ö$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\xC3\x9C(.*)$ $1Ü$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\xC3\xBC(.*)$ $1ü$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\xC3\x9F(.*)$ $1ß$2 [N,E=utf8_fixed:1]


Go to your browser and open:
http://localhost/Parf%C3%BCmerie

Now the server runs out of memory very fast!

This is especially a big problem for shared hosters with mod_rewrite enabled (most vhosts require them today) where users could put their own .htaccess into the document root.

--
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: pmatth...@debian.org
        patr...@linux-dev.org
*/
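
Added example (not part of the original report): a Python check a hoster could run over user-supplied .htaccess files to flag rules like the ones above. It assumes the loop arises because, in a UTF-8 encoded file, the substitution writes back the same bytes that the \xHH pattern matches, so the [N] restart never makes progress; the report itself does not state the cause. The function names and the Latin-1 contrast sample are constructed for illustration.

```python
import re

# Two of the reported rules, as bytes of a .htaccess saved in a UTF-8 locale.
REPORTED = """RewriteEngine on
RewriteBase /
RewriteRule ^(.*)\\xC3\\x84(.*)$ $1Ä$2 [N,E=utf8_fixed:1]
RewriteRule ^(.*)\\xC3\\xBC(.*)$ $1ü$2 [N,E=utf8_fixed:1]
""".encode("utf-8")

# Constructed contrast: the same rule saved as Latin-1, so the substitution
# is the single byte 0xFC and the pattern stops matching after one pass.
CONSTRUCTED_LATIN1 = "RewriteRule ^(.*)\\xC3\\xBC(.*)$ $1ü$2 [N]\n".encode("latin-1")

RULE = re.compile(rb"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)
HEX_RUN = re.compile(rb"(?:\\x[0-9A-Fa-f]{2})+")


def literal_runs(pattern: bytes) -> list:
    """Return the byte strings a pattern spells out as runs of \\xHH escapes."""
    return [bytes.fromhex(m.replace(b"\\x", b"").decode("ascii"))
            for m in HEX_RUN.findall(pattern)]


def looping_rules(htaccess: bytes) -> list:
    """Line numbers of [N] rules whose substitution re-emits the matched bytes."""
    hits = []
    for number, line in enumerate(htaccess.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue
        pattern, subst, flags = m.group(1), m.group(2), m.group(3) or b""
        names = {f.split(b"=")[0].strip().upper() for f in flags.split(b",")}
        runs = literal_runs(pattern)
        # [N] restarts rewriting; if every escaped run is written straight
        # back, the rewritten URL matches again and the loop never ends.
        if names & {b"N", b"NEXT"} and runs and all(r in subst for r in runs):
            hits.append(number)
    return hits


if __name__ == "__main__":
    print("reported .htaccess:", looping_rules(REPORTED))
    print("constructed Latin-1 variant:", looping_rules(CONSTRUCTED_LATIN1))
```

The check works on raw bytes on purpose: whether a rule loops depends on the encoding the file was saved in, not on how the characters look in an editor.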



