An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A remote attacker could force an SSL connection to be aborted in a particular state and cause an Apache child process to enter an infinite loop, consuming CPU resources. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0748 to this issue.

https://rhn.redhat.com/errata/RHSA-2004-349.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748

------- Additional Comments From moixa 2004-09-02 03:55:23 ----

Note the almost one-liner fix here:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964

------- Additional Comments From dwb7.edu 2004-09-02 05:49:46 ----

Built packages for RH7.3:

sha1sum -b *.rpm
ef5ab48ad356a944c7cc3ba923c9dbb50ef83c5e *krb5-1.2.4-13.legacy.7x.src.rpm
810bb9ffba0ceeffdfe8622077680cd4a27a0152 *krb5-devel-1.2.4-13.legacy.7x.i386.rpm
113cbd9f47f9d141fddb5b6ae9a03deb000a3a35 *krb5-libs-1.2.4-13.legacy.7x.i386.rpm
1a2402efd13a1dff6c5c7935de846c2b3da12595 *krb5-server-1.2.4-13.legacy.7x.i386.rpm
2a7ea85868b70f76f990903a9a8a6223f6ed9e48 *krb5-workstation-1.2.4-13.legacy.7x.i386.rpm

download from
http://cf.ccmr.cornell.edu/publicdownloads/fedoralegacy-testing/krb5

-DWB

------- Additional Comments From dom 2004-09-07 14:17:01 ----

See also bug 1888.

------- Additional Comments From dwb7.edu 2004-09-07 16:40:20 ----

on the 7.3 side, seems this is covered by CAN-2004-0700 (covered in bug 1888)

reference:
https://rhn.redhat.com/errata/RHSA-2004-408.html

------- Additional Comments From marcdeslauriers 2004-09-10 11:01:38 ----

Looking at the source code for httpd 2.0.40, on which rh9 is based, it appears this bug does not apply. I am closing this.

If someone thinks the bug applies, it can be reopened.

------- Bug moved to this database by dkl 2005-03-30 18:26 -------

This bug previously known as bug 2041 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2041
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.