coredump with 3 PerlSetVars
Title: Message Can anyone tell me why Apache would dump core when more than 2 PerlSetVars are used in a Location directive? This is Stronghold 2.4.2, Apache 1.3.6 and mod_perl 1.21 Brian Hann �
Re: coredump with 3 PerlSetVars
Apache 1.3.6 is ancient, has numerous known bugs and security exploits. Same for mod_perl 1.21. Update to apache 1.3.27 and I think mod_perl 1.27, see if it still happens. Wes Hann, Brian [EMAIL PROTECTED] on 02/03/2003 11:43:23 AM To:[EMAIL PROTECTED] cc: Subject:coredump with 3 PerlSetVars Can anyone tell me why Apache would dump core when more than 2 PerlSetVars are used in a Location directive? This is Stronghold 2.4.2, Apache 1.3.6 and mod_perl 1.21 Brian Hann (See attached file: C.htm) Title: Message Can anyone tell me why Apache would dump core when more than 2 PerlSetVars are used in a Location directive? This is Stronghold 2.4.2, Apache 1.3.6 and mod_perl 1.21 Brian Hann �
RE: coredump with 3 PerlSetVars
I wish that was an option, but unfortunately it's not due to the extreme amount of applications we would have to test and we don't have the manpower or time for that. I actually think the REAL problem is some sort of spacing/whitespace issue in the conf file. I'm going to test a few more things and then I'll post the results. Brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 11:00 AM To: Hann, Brian Cc: [EMAIL PROTECTED] Subject: Re: coredump with 3 PerlSetVars Apache 1.3.6 is ancient, has numerous known bugs and security exploits. Same for mod_perl 1.21. Update to apache 1.3.27 and I think mod_perl 1.27, see if it still happens. Wes Hann, Brian [EMAIL PROTECTED] on 02/03/2003 11:43:23 AM To:[EMAIL PROTECTED] cc: Subject:coredump with 3 PerlSetVars Can anyone tell me why Apache would dump core when more than 2 PerlSetVars are used in a Location directive? This is Stronghold 2.4.2, Apache 1.3.6 and mod_perl 1.21 Brian Hann (See attached file: C.htm)
Re: coredump with 3 PerlSetVars
On Mon, Feb 03, 2003 at 11:16:25AM -0600, Hann, Brian wrote: I wish that was an option, but unfortunately it's not due to the extreme amount of applications we would have to test and we don't have the manpower or time for that. of course, by posting to this list, you have just made any would-be trawler who happens across this information aware that the bank you work for is running a deprecated and insecure web server on a production machine (that appears to have some sort of e-banking interface?) and have no intention to fix it. even if your server is changerooted i'd imagine you'd still need to access things like database auth credentials and ssl private keys. can you really afford the man-hours of labour that would be generated if those were compromised? I actually think the REAL problem is some sort of spacing/whitespace issue in the conf file. I'm going to test a few more things and then I'll post the results. quite possibly. you could always go through three and a half years of changelogs to see if that particular bug was fixed. .dorian
