[users@httpd] Re: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

Hi, Please can you point us to the patch for this CVE? regards, Rashmi On Thu, Jul 13, 2017 at 6:32 PM, William A Rowe Jr wrote: > CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest > > Severity: Important > > Vendor: The Apache Software Foundation > >

[users@httpd] SSLSessioncache Timeout extension

Hi Yann/Eric, Is it possible to change the timeout value of the session cache (SSLSessionCacheTimeout) to: now(current time) + timeout., every time a new request is submitted or a new refresh happens. This will be an additional option which can be externally enabled in the conf

Re: [users@httpd] HTTPProtoco Options Apache 2.2

Thanks Eric, Please ignore my previous message. http://svn.apache.org/viewvc?view=revision=1783440 Porting from above, httpprotocoloptions works as expected. Thanks, Rashmi On Wed, Jun 14, 2017 at 9:25 AM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > Thanks for your

Re: [users@httpd] HTTPProtoco Options Apache 2.2

ds, Rashmi On Tue, Jun 13, 2017 at 11:56 PM, Eric Covener <cove...@gmail.com> wrote: > http://svn.apache.org/viewvc?view=revision=1783440 > > > On Tue, Jun 13, 2017 at 2:19 PM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > > Hi Yann/Eric. >

[users@httpd] HTTPProtoco Options Apache 2.2

Hi Yann/Eric. -We have ported the changes for CVE -2016-8743. into apache 2.2 on HP-UX But while testing we find that HTTPProtocolOption Unsafe tested with GET /HTTP 1.0/\n\n responds with BAD Request, when it is suppose to succeed. However after making changes as

Re: [users@httpd] Query on cgidtimeout

Hi Please advise how cgidscripttimeout works. It doesn't seem to timeout as expected. regards, Rashmi On Thu, Jun 8, 2017 at 10:56 PM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > Hi Eric/Yann, > Any suggestions on this issue please? > >

Re: [users@httpd] Query on cgidtimeout

Hi Eric/Yann, Any suggestions on this issue please? regards, Rashmi On Thu, Jun 8, 2017 at 9:28 AM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > Hi Eric, > There is nothing logged as the execution is successful. > Do you have any pointers. >

Re: [users@httpd] Query on cgidtimeout

com> wrote: > On Wed, Jun 7, 2017 at 12:16 PM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > >Is there anything i am missing, pls advise. > > > Is anything logged? > > - &

[users@httpd] Query on cgidtimeout

Hi Yann, I have a query wrt cgidscripttimeout in apache 2.4 There is simple cgi script which runs in loop printing the env variables. However low the value of cgidscripttimeout ts set to the script doesnt seem to terminate, but executes completely. Is there anything i am

Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Thanks lot Yann for confirming. regards, Rashmi On Sun, Jun 4, 2017 at 4:09 AM, Yann Ylavic <ylavic@gmail.com> wrote: > Hi Rashmi, > > On Thu, Jun 1, 2017 at 11:19 AM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > > To port the f

Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Hi Yann, Any update on this will be very helpful. regards, Rashmi On Thu, Jun 1, 2017 at 2:49 PM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > Hi Yann, > To port the fix for CVE-2016-8743 to 2.2.29, is it ok to port > the changes from http:/

Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Hi Yann, To port the fix for CVE-2016-8743 to 2.2.29, is it ok to port the changes from http://svn.apache.org/viewvc?view=revision=1777405 Would that suffice? Please advise. regards, Rashmi On Fri, Feb 10, 2017 at 1:30 PM, Rashmi Srinivasan < rashmisrinivas

[users@httpd] Fwd: Query on SSLSessionTickets

Hi, One quick query: How do we figure out if apache is using session tickets, debug log doesnt seem to add "OpenSSL: Loop: SSLv3 write session ticket A" in the debug log? Does this mean session tickets are not in use. Please advise. regards, Rashmi

Re: [users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Thank a lot for the patch Yann, I will check if this fits in. regards, Rashmi On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic@gmail.com> wrote: > Hi, > > On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > > >

[users@httpd] Fwd: Patches for CVE-2016-8743 (apache 2.4.18)

Hi, We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried checking the revision on git for the list of files fixed for this CVE. There are lots of changes related to RFC7320 and was difficult to figure out the files changed for this CVE as We couldnt find the CVE-2016-8743 in

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

On Sat, Sep 24, 2016 at 1:02 AM, Stormy <storm...@stormy.ca> wrote: > At 12:18 AM 9/24/2016 +0530, Rashmi Srinivasan wrote: > >> Hi, >> >> This is the output of ulimit -a >> > [snip] > >> max user processes        (-u) 1024 >>

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

k Apache 2.2 and 4.4 uses diferent mpm mode (my memory is poor). > I think you OS is limiting the number of Opens Files that can Manage. > (safety reasons) > Please, can you print you ulimit output, as I advise on a previous mail? > > Thanks. > > 2016-09-23 11:55 GMT+02:00 Rashmi

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

Hi, Do you feel this is the issue with some configuration or would this be an issue with apache itself. Has anybody encountered a performance issue of this kind. Please comment Thanks, RS On Fri, Sep 23, 2016 at 1:43 PM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com>

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

Is there a minimum requirement for apache 2.4 to run these tests? I have tried on different machines with different configurations with the same outcome. Please advise. Thanks, RS On Fri, Sep 23, 2016 at 1:14 AM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > Hi,

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

utilzation reached 99.9% Which is when apache terminates What changes are to be done in this case. Please advise Thanks, RS On Thu, Sep 22, 2016 at 9:54 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Thu, Sep 22, 2016 at 5:20 PM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.c

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

the serverlimit and MaxRequestWorkers. Access log has the following status: [22/Sep/2016:20:17:21 +0530] "GET /cgi-bin/script.cgi HTTP/1.0" 200 16 Please check and let me know. Thanks , RS On Thu, Sep 22, 2016 at 8:34 PM, Rashmi Srinivasan < rashmisrinivasan2...@gmail.com> wrote: > &g

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

, Sep 22, 2016 at 3:47 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Thu, Sep 22, 2016 at 8:57 AM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > > > > Benchmarking x.x.x.x (be patient) > > Completed 8000 requests > > apr_socket_recv: Co

Re: [users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

com> wrote: > Hi, > > On Thu, Sep 22, 2016 at 6:32 AM, Rashmi Srinivasan > <rashmisrinivasan2...@gmail.com> wrote: > > > > > > 2000 concurrent requests > > > > Benchmarking x.x.x.x (be patient) > &

[users@httpd] Apache 2.4 (Apache Benchmarking) - Too many open files (24)

Hi, Below is the issue encountered when i am trying to use apache 2.4 to validate performance using the benchmarking tool(ab tool). ab is invoked with 2000/1000 concurrent requests and subjected to 8 cgi requests. The module enabled is mod_cgid. Occurs with worker/event mpm enabled MPM