Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/08/24 05:32:01 UTC

DO NOT REPLY [Bug 51714] Byte Range Filter might consume huge amounts of memory combined with compressed streams

https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

--- Comment #1 from kingcope <is...@googlemail.com> 2011-08-24 03:32:01 UTC ---
As discussed on the Apache dev mailing list, it looks like this issue has
nothing to do with mod_deflate or mod_gzip; that was a wrong assumption by me.

(In reply to comment #0)
> Created attachment 27429 [details]
> DoS Exploit for mentioned vulnerability
> 
> At least apache 2.2.17 has a remotely exploitable DoS vulnerability which
> allows consuming all memory on a target system. A request for triggering the
> memory consumption includes a large "Range" header which requests as many
> different bytes as possible from a file served by httpd. Combining this with a
> gzip "Accept-Encoding" header, the httpd is assumed to compress each of the
> bytes requested in the Range header separately, consuming large memory regions.
> The behaviour when compressing the streams is devastating and can end up
> rendering the underlying operating system unusable when the requests are sent
> in parallel. Symptoms are swapping to disk and killing of processes including
> but not solely httpd processes.
> 
> How to repeat:
> Execute the attached perl script against a vulnerable httpd, meaning one with
> the Byte Range filter and mod_deflate/mod_gzip enabled.
> 
> Sidenote:
> Apache should be aware of this through the posting to full disclosure.
> Nevertheless, in my opinion this bug should be resolved.
