Bug #326435 - CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter

To: debian-apache@lists.debian.org
Subject: Bug #326435 - CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter
From: John Morrissey <jwm@horde.net>
Date: Thu, 10 Aug 2006 15:12:49 -0400
Message-id: <[🔎] 20060810191249.GA12102@boost.horde.net>

Hi everyone--

I'm having a problem with Apache children randomly leaking several hundred
megabytes of memory. This happens suddenly (over the course of just a few
minutes) and the affected children usually continue to serve requests while
they're leaking.

Here's the thread from httpd-users with more information on our particular
situation, including configuration information, symptoms, and backtraces:

http://marc.theaimsgroup.com/?l=apache-httpd-users&m=114960657316006&w=2

We eventually worked around it by using this configuration, which is a
workaround for CAN-2005-2728:

RequestHeader unset Range
Header unset Accept-Ranges

It's strange that we're running 2.0.54-5, which patches for this
vulnerability, and does so by applying the exact patch from the
corresponding Apache bug
(http://issues.apache.org/bugzilla/show_bug.cgi?id=29962).

Is this problem due to another bug that coincidentally has the same
workaround? Since applying this configuration, not a single Apache child has
leaked. Any thoughts?

thanks,
john
-- 
John Morrissey          _o            /\         ----  __o
jwm@horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__

Reply to:

Prev by Date: bony
Next by Date: apache2 2.0.55-4.1 MIGRATED to testing
Previous by thread: bony
Next by thread: apache2 2.0.55-4.1 MIGRATED to testing
Index(es):
- Date
- Thread