You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/03/02 17:41:35 UTC

DO NOT REPLY [Bug 46788] New: Set resource limits to avoid denial of service attacks from malicious CGI scripts

https://issues.apache.org/bugzilla/show_bug.cgi?id=46788

           Summary: Set resource limits to avoid denial of service attacks
                    from malicious CGI scripts
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: asmith@ca.ibm.com


Created an attachment (id=23320)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23320)
patch

We've been using this patch to deal with an internal problem, but I thought
it's worth pushing it to Apache in case there is interest:

Execute a CGI script that continues to create new processes in an endless
loop.

Expected Results: The script will be limited to a set number of process
it can create.

Actual Results: Today this is not limited for CGI scripts.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org