Re: os-windows/7522: Apache Win32 8192 string bug

[wr...@apache.org]

[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]


Synopsis: Apache Win32 8192 string bug

State-Changed-From-To: open-closed
State-Changed-By: wrowe
State-Changed-When: Wed May 30 08:00:39 PDT 2001
State-Changed-Why:

Affected OS2 and Win32, this denial-of-service exploit was
closed in Apache release 1.3.20.

In the case of an extremely long uri, a deeply embedded 
parser properly discarded the request, returning the NULL 
pointer, and the next higher-level parser was not prepared 
for that contigency.  Note further that accessing the NULL
pointer created an exception caught by the OS, causing the
apache process to be immediately terminated.  While this 
exposes a denial-of-service attack, it does not pose an
opportunity for any server exploits or data vulnerability. 

Thank you for your report and discovery, next time please
direct such reports to security@apache.org before using a
public forum such as bugs.apache.org, so we have the chance
to close the exploit and make a patch available before a
vulnerability is widely dissemenated.


Release-Changed-From-To: ALL!!!-All prior to 1.3.20
Release-Changed-By: wrowe
Release-Changed-When: Wed May 30 08:00:39 PDT 2001
Severity-Changed-From-To: serious-critical
Severity-Changed-By: wrowe
Severity-Changed-When: Wed May 30 08:00:39 PDT 2001