Hi All,
I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50 onwards.
But I would like to know more about, how this issue can be exploitable in
prior versions and can I know the commit id/patch details for this issue.
Tried looking into commit details in github apache repo, but coul
Hi Patrick,
On Mon, Oct 18, 2021 at 10:13 PM Patrick Verdon
wrote:
>
> Just a quick follow up - we've tried removing mod_http2 but still managed to
> provoke a crash. See the error_log below when stopping/restarting after httpd
> becomes unresponsive.
It seems to have eliminated the "reslist_c
Hi Yann,
Just a quick follow up - we've tried removing mod_http2 but still managed
to provoke a crash. See the error_log below when stopping/restarting after
httpd becomes unresponsive. We need to be a bit more careful removing other
modules to make sure they're not used, which is more time consum
Hi Yann,
Many thanks for the super quick response. We'll try to remove mod_http2 and
other modules as you suggest to see if that helps. I'll get back to you
once we've had a chance to test it.
Thanks.
Patrick
*--*
*Patrick Verdon | Founder*
Web: www.youreko.com
Mobile: +44 (0)7809 296438
Sky
Hi Patrick,
On Mon, Oct 18, 2021 at 11:27 AM Patrick Verdon
wrote:
>
> # cat /var/log/httpd/error_log
> httpd: misc/apr_reslist.c:161: reslist_cleanup: Assertion `rl->ntotal == 0'
> failed.
[]
> *** Error in `/usr/sbin/httpd': corrupted size vs. prev_size:
> 0x557f94567e4f ***
[]
> httpd: m
Hi All,
I'd appreciate some feedback on an issue I'm experiencing. I've spent quite
some time researching the problem as it causes a serious outage in our
application. I've searched the Web, Stack Overflow, this list's mail
archives, the latest Apache bugs, and more, but have not been able to find