Apache2 MOD_CGI STDERR Denial Of Service Vulnerability

Apache2 has been reported prone to a denial-of-service vulnerability. The issue has been reported to present itself when a CGI script outputs excessive data to STDERR. If this condition occurs the execution of the script will reportedly pause indefinitely due to a locked write() call in mod_cgi. Because Apache2 is waiting for further input from the malicious CGI application, the httpd process may hang. When the maximum connection limit is reached, Apache will no longer service requests, effectively denying service to legitimate users.


 

Privacy Statement
Copyright 2010, SecurityFocus