You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mj...@apache.org on 2011/05/11 13:47:55 UTC
svn commit: r1101842 - in /httpd/site/trunk:
docs/security/vulnerabilities_22.html
xdocs/security/vulnerabilities-httpd.xml
Author: mjc
Date: Wed May 11 11:47:55 2011
New Revision: 1101842
URL: http://svn.apache.org/viewvc?rev=1101842&view=rev
Log:
<thoger> mjc: possibly s/Mitigation/Workaround/, as that seems to be what was used before
Modified:
httpd/site/trunk/docs/security/vulnerabilities_22.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=1101842&r1=1101841&r2=1101842&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html [utf-8] Wed May 11 11:47:55 2011
@@ -115,7 +115,7 @@ cause excessive CPU usage. This could b
attack.
</p>
<p>
-Mitigation: Setting the 'IgnoreClient' option to the 'IndexOptions'
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
directive disables processing of the client-supplied request query
arguments, preventing this attack.
</p>
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1101842&r1=1101841&r2=1101842&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed May 11 11:47:55 2011
@@ -12,7 +12,7 @@ remote attacker could send a carefully c
cause excessive CPU usage. This could be used in a denial of service
attack.
</p><p>
-Mitigation: Setting the 'IgnoreClient' option to the 'IndexOptions'
+Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions'
directive disables processing of the client-supplied request query
arguments, preventing this attack.
</p>