Bug #326435 - CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter
Hi everyone--
I'm having a problem with Apache children randomly leaking several hundred
megabytes of memory. This happens suddenly (over the course of just a few
minutes) and the affected children usually continue to serve requests while
they're leaking.
Here's the thread from httpd-users with more information on our particular
situation, including configuration information, symptoms, and backtraces:
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=114960657316006&w=2
We eventually worked around it by using this configuration, which is a
workaround for CAN-2005-2728:
RequestHeader unset Range
Header unset Accept-Ranges
It's strange that we're running 2.0.54-5, which patches for this
vulnerability, and does so by applying the exact patch from the
corresponding Apache bug
(http://issues.apache.org/bugzilla/show_bug.cgi?id=29962).
Is this problem due to another bug that coincidentally has the same
workaround? Since applying this configuration, not a single Apache child has
leaked. Any thoughts?
thanks,
john
--
John Morrissey _o /\ ---- __o
jwm@horde.net _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__
Reply to: