Bug 174170 - CVE-2005-2970 httpd worker MPM memory consumption DoS
Summary: CVE-2005-2970 httpd worker MPM memory consumption DoS
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact:
URL: http://svn.apache.org/viewcvs?rev=292...
Whiteboard: impact=moderate,source=cve,public=200...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-11-25 12:45 UTC by Mark J. Cox
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 2.2.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-01-10 13:38:51 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Mark J. Cox 2005-11-25 12:45:36 UTC 
fc5 tracking bug

+++ This bug was initially created as a clone of Bug #171756 +++

Memory leak in the worker MPM (worker.c) for Apache 2, in certain
circumstances, allows remote attackers to cause a denial of service
(memory consumption) via aborted connections, which prevents the
memory for the transaction pool from being reused for other
connections.

-- Additional comment from bressers on 2005-10-25 18:06 EST --
This issue should also affect FC3
Comment 1 Joe Orton 2006-01-10 13:38:51 UTC 
This is fixed in the FC5test2 httpd package.  (fixed since 2.1.9 on the 2.1.x
branch)
Note You need to log in before you can comment on or make changes to this bug.