From owner-freebsd-security  Tue Aug 11 11:16:34 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA11089
          for freebsd-security-outgoing; Tue, 11 Aug 1998 11:16:34 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA11082
          for <security@freebsd.org>; Tue, 11 Aug 1998 11:16:31 -0700 (PDT)
          (envelope-from brett@lariat.org)
Received: (from brett@localhost)
	by lariat.lariat.org (8.8.8/8.8.6) id MAA18952;
	Tue, 11 Aug 1998 12:16:07 -0600 (MDT)
Message-Id: <199808111816.MAA18952@lariat.lariat.org>
X-Sender: brett@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1.0.44 (Beta)
Date: Tue, 11 Aug 1998 12:13:06 -0600
To: security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>
Subject: DOS exploit in Apache
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

All recent versions of Apache can be made to demand virtually unlimited
amounts of memory if they are fed large numbers of HTML request headers. I
haven't seen a fix for FreeBSD yet; have the published package and port
been patched yet?

--Brett Glass


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message