Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/05/08 04:53:56 UTC
DO NOT REPLY [Bug 19753] New: - Local exploit denial of service using DirectoryIndex in .htaccess
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19753
Summary: Local exploit denial of service using DirectoryIndex in .htaccess
Product: Apache httpd-2.0
Version: 2.0.45
Platform: PC
URL: n/a
OS/Version: FreeBSD
Status: NEW
Severity: Major
Priority: Other
Component: mod_dir
AssignedTo: bugs@httpd.apache.org
ReportedBy: ryan@ryano.net
In a directory configured with AllowOverride All in httpd.conf, this one line in
a .htaccess will cause (what I perceive to be) an infinite loop in a single
httpd process (using 100% CPU):

    DirectoryIndex .

Subsequent reloads will cause more processes to start using as much CPU as they
can muster. My load starts going up and up and I imagine everything will start
crashing eventually (if I don't take care of it by killing Apache).
I'm running FreeBSD 4.8-STABLE with apache-2.0.45 installed from ports.
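
Added example (not part of the original report, and not Apache code): a Python audit that walks a document tree and flags .htaccess files whose DirectoryIndex names the directory itself, the condition reported above. The function names are hypothetical, and treating "./" and similar spellings like "." is an assumption; the report only tested ".".

```python
import os
import posixpath
import shlex

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf = ""
    if buf:
        yield start, buf

def self_referencing_indexes(text):
    """Return [(line_number, argument)] for DirectoryIndex arguments that
    name the directory itself ('.', './', './.', ...)."""
    hits = []
    for n, line in logical_lines(text):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            words = shlex.split(line)
        except ValueError:          # unbalanced quote: fall back to whitespace
            words = line.split()
        if not words or words[0].lower() != "directoryindex":
            continue
        for arg in words[1:]:
            # Assumption: any relative spelling that normalises to '.' is
            # treated like the reported value; the report only tested '.'.
            if arg and not arg.startswith("/") and posixpath.normpath(arg) == ".":
                hits.append((n, arg))
    return hits

def scan_tree(root):
    """Walk root and return [(path, line_number, argument)] for every hit."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found += [(path, n, a) for n, a in self_referencing_indexes(fh.read())]
    return found
```

Run scan_tree() over each tree where AllowOverride permits DirectoryIndex in .htaccess, and review every reported path and line.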