On Monday, June 24, 2013, William A. Rowe Jr. wrote:
> On Mon, 24 Jun 2013 10:47:17 -0500
> "William A. Rowe Jr." wrote:
>
> > On Sat, 22 Jun 2013 10:09:35 -0400
> > Jeff Trawick wrote:
> >
> > > On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr.
> > > wrote:
> > >
> > > > On Fri, 21 Jun 20
On Mon, 24 Jun 2013 10:47:17 -0500
"William A. Rowe Jr." wrote:
> On Sat, 22 Jun 2013 10:09:35 -0400
> Jeff Trawick wrote:
>
> > On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr.
> > wrote:
> >
> > > On Fri, 21 Jun 2013 13:19:36 -0400
> > > Jeff Trawick wrote:
> > >
> > > > Even with the C
On Sat, 22 Jun 2013 10:09:35 -0400
Jeff Trawick wrote:
> On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr.
> wrote:
>
> > On Fri, 21 Jun 2013 13:19:36 -0400
> > Jeff Trawick wrote:
> >
> > > Even with the CVE-2011-3607 it is still possible to DOS the
> > > server by consuming huge amounts of
On Fri, Jun 21, 2013 at 2:43 PM, William A. Rowe Jr. wrote:
> On Fri, 21 Jun 2013 13:19:36 -0400
> Jeff Trawick wrote:
>
> > Even with the CVE-2011-3607 it is still possible to DOS the server by
> > consuming huge amounts of memory with mod_setenvif using a specially
> > crafted configuration.
>
On Fri, 21 Jun 2013 13:19:36 -0400
Jeff Trawick wrote:
> Even with the CVE-2011-3607 it is still possible to DOS the server by
> consuming huge amounts of memory with mod_setenvif using a specially
> crafted configuration.
>
> Here's a backport of an existing fix in 2.4.x which resolves the
> is
Even with the CVE-2011-3607 it is still possible to DOS the server by
consuming huge amounts of memory with mod_setenvif using a specially
crafted configuration.
Here's a backport of an existing fix in 2.4.x which resolves the issue I
reproduced. Note that unlike in 2.4.x we need ap_pregsub to ha