From 1420b2490a4699f738f2dfb5173243d8047a7e7d Mon Sep 17 00:00:00 2001 From: nectar Date: Sun, 22 Aug 2004 21:44:40 +0000 Subject: Cancel a VuXML entry for an Apache vulnerability that does not affect FreeBSD. Reminded by: recent conversations :-) --- security/vuxml/vuln.xml | 43 +------------------------------------------ 1 file changed, 1 insertion(+), 42 deletions(-) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 28d2dd656ba2..bb5d5171a7eb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -2279,48 +2279,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - apache 2 denial-of-service attack (does not affect FreeBSD) - - - apache - 0 - - - - -

NOTE WELL: This issue does not affect any FreeBSD - platform. It is recorded only for reference.

A denial-of-service issue was reported by Jeff Trawick. From - the CVS commit log for the fix:

-
Fix starvation issue on listening sockets where a - short-lived connection on a rarely-accessed listening - socket will cause a child to hold the accept mutex and - block out new connections until another connection arrives - on that rarely-accessed listening socket. With Apache - 2.x there is no performance concern about enabling the - logic for platforms which don't need it, so it is enabled - everywhere except for Win32.
-

It was determined that this issue does not affect - FreeBSD systems. From the Apache security advisory:

-
This issue is known to affect some versions of AIX, - Solaris, and Tru64; it is known to not affect FreeBSD or - Linux.
-

- - - - CAN-2004-0174 - http://marc.theaimsgroup.com/?l=bugtraq&m=107973894328806 - http://marc.theaimsgroup.com/?l=apache-cvs&m=107969495524201 - http://www.apacheweek.com/features/security-20 - - - 2004-03-19 - 2004-03-31 - + -- cgit