Hi,
Please can you point us to the patch for this CVE?
regards,
Rashmi
On Thu, Jul 13, 2017 at 6:32 PM, William A Rowe Jr
wrote:
> CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
>
Hi Yann/Eric,
Is it possible to change the timeout value of the session cache
(SSLSessionCacheTimeout) to:
now(current time) + timeout., every time a new request is submitted
or a new refresh happens.
This will be an additional option which can be externally enabled in
the conf
Thanks Eric, Please ignore my previous message.
http://svn.apache.org/viewvc?view=revision=1783440
Porting from above, httpprotocoloptions works as expected.
Thanks,
Rashmi
On Wed, Jun 14, 2017 at 9:25 AM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Thanks for your
ds,
Rashmi
On Tue, Jun 13, 2017 at 11:56 PM, Eric Covener <cove...@gmail.com> wrote:
> http://svn.apache.org/viewvc?view=revision=1783440
>
>
> On Tue, Jun 13, 2017 at 2:19 PM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.com> wrote:
> > Hi Yann/Eric.
>
Hi Yann/Eric.
-We have ported the changes for CVE -2016-8743. into apache 2.2 on
HP-UX
But while testing we find that HTTPProtocolOption Unsafe tested
with GET /HTTP 1.0/\n\n responds with BAD Request, when it is suppose to
succeed.
However after making changes as
Hi
Please advise how cgidscripttimeout works.
It doesn't seem to timeout as expected.
regards,
Rashmi
On Thu, Jun 8, 2017 at 10:56 PM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Hi Eric/Yann,
> Any suggestions on this issue please?
>
>
Hi Eric/Yann,
Any suggestions on this issue please?
regards,
Rashmi
On Thu, Jun 8, 2017 at 9:28 AM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Hi Eric,
> There is nothing logged as the execution is successful.
> Do you have any pointers.
>
com> wrote:
> On Wed, Jun 7, 2017 at 12:16 PM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.com> wrote:
> >Is there anything i am missing, pls advise.
>
>
> Is anything logged?
>
> -
&
Hi Yann,
I have a query wrt cgidscripttimeout in apache 2.4
There is simple cgi script which runs in loop printing the env
variables.
However low the value of cgidscripttimeout ts set to the script
doesnt seem to terminate, but executes completely.
Is there anything i am
Thanks lot Yann for confirming.
regards,
Rashmi
On Sun, Jun 4, 2017 at 4:09 AM, Yann Ylavic <ylavic@gmail.com> wrote:
> Hi Rashmi,
>
> On Thu, Jun 1, 2017 at 11:19 AM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.com> wrote:
> > To port the f
Hi Yann,
Any update on this will be very helpful.
regards,
Rashmi
On Thu, Jun 1, 2017 at 2:49 PM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Hi Yann,
> To port the fix for CVE-2016-8743 to 2.2.29, is it ok to port
> the changes from http:/
Hi Yann,
To port the fix for CVE-2016-8743 to 2.2.29, is it ok to port the
changes from http://svn.apache.org/viewvc?view=revision=1777405
Would that suffice?
Please advise.
regards,
Rashmi
On Fri, Feb 10, 2017 at 1:30 PM, Rashmi Srinivasan <
rashmisrinivas
Hi,
One quick query:
How do we figure out if apache is using session tickets, debug log doesnt
seem to add "OpenSSL: Loop: SSLv3 write session ticket A" in the debug log?
Does this mean session tickets are not in use.
Please advise.
regards,
Rashmi
Thank a lot for the patch Yann,
I will check if this fits in.
regards,
Rashmi
On Wed, Jan 25, 2017 at 6:04 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> Hi,
>
> On Wed, Jan 25, 2017 at 9:17 AM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.com> wrote:
>
> >
Hi,
We are trying to port the fix for CVE (CVE-2016-8743) to 2.4.18. Tried
checking the revision on git for the list of files fixed for this CVE.
There are lots of changes related to RFC7320 and was difficult to figure
out the files changed for this CVE as We couldnt find the CVE-2016-8743 in
On Sat, Sep 24, 2016 at 1:02 AM, Stormy <storm...@stormy.ca> wrote:
> At 12:18 AM 9/24/2016 +0530, Rashmi Srinivasan wrote:
>
>> Hi,
>>
>> This is the output of ulimit -aÂ
>>
> [snip]
>
>> max user processes        (-u) 1024
>>
k Apache 2.2 and 4.4 uses diferent mpm mode (my memory is poor).
> I think you OS is limiting the number of Opens Files that can Manage.
> (safety reasons)
> Please, can you print you ulimit output, as I advise on a previous mail?
>
> Thanks.
>
> 2016-09-23 11:55 GMT+02:00 Rashmi
Hi,
Do you feel this is the issue with some configuration or would this be an
issue with apache itself.
Has anybody encountered a performance issue of this kind.
Please comment
Thanks,
RS
On Fri, Sep 23, 2016 at 1:43 PM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com>
Is there a minimum requirement for apache 2.4 to run these tests?
I have tried on different machines with different configurations with the
same outcome.
Please advise.
Thanks,
RS
On Fri, Sep 23, 2016 at 1:14 AM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
> Hi,
utilzation reached 99.9%
Which is when apache terminates
What changes are to be done in this case.
Please advise
Thanks,
RS
On Thu, Sep 22, 2016 at 9:54 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Thu, Sep 22, 2016 at 5:20 PM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.c
the serverlimit and MaxRequestWorkers.
Access log has the following status:
[22/Sep/2016:20:17:21 +0530] "GET /cgi-bin/script.cgi HTTP/1.0" 200 16
Please check and let me know.
Thanks ,
RS
On Thu, Sep 22, 2016 at 8:34 PM, Rashmi Srinivasan <
rashmisrinivasan2...@gmail.com> wrote:
>
&g
, Sep 22, 2016 at 3:47 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Thu, Sep 22, 2016 at 8:57 AM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.com> wrote:
> >
> > Benchmarking x.x.x.x (be patient)
> > Completed 8000 requests
> > apr_socket_recv: Co
com> wrote:
> Hi,
>
> On Thu, Sep 22, 2016 at 6:32 AM, Rashmi Srinivasan
> <rashmisrinivasan2...@gmail.com> wrote:
> >
> >
> > 2000 concurrent requests
> >
> > Benchmarking x.x.x.x (be patient)
> &
Hi,
Below is the issue encountered when i am trying to use apache 2.4 to
validate performance using the benchmarking tool(ab tool).
ab is invoked with 2000/1000 concurrent requests and subjected to 8 cgi
requests. The module enabled is mod_cgid. Occurs with worker/event mpm
enabled
MPM
24 matches
Mail list logo