You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
segmentation fault message in apache log with chrooted apache and when the /etc/psswd is not present in the jail. Adding the missing/etc/passwd file is a workaround...
Logs and dumps
Bug (or maybe not really one) identified using gdb in apache2/persist_dbm.c:412 in the collection_store( ) {....}
The username variable is not properly set using the apr_uid_name_get( ). Maybe the returned value code of apr_uid_name_get( ) should be tested before trusting the username variable...
To Reproduce
When using OWASP CRS REQUEST-912-DOS-PROTECTION.conf & SecAction
"id:900700,
phase:1,
nolog,
pass,
t:none,
setvar:'tx.dos_burst_time_slice=60',
setvar:'tx.dos_counter_threshold=100',
setvar:'tx.dos_block_timeout=600'"
All the Best
CG
The text was updated successfully, but these errors were encountered:
Describe the bug
segmentation fault message in apache log with chrooted apache and when the /etc/psswd is not present in the jail. Adding the missing/etc/passwd file is a workaround...
Logs and dumps
Bug (or maybe not really one) identified using gdb in apache2/persist_dbm.c:412 in the collection_store( ) {....}
The username variable is not properly set using the apr_uid_name_get( ). Maybe the returned value code of apr_uid_name_get( ) should be tested before trusting the username variable...
To Reproduce
When using OWASP CRS REQUEST-912-DOS-PROTECTION.conf & SecAction
"id:900700,
phase:1,
nolog,
pass,
t:none,
setvar:'tx.dos_burst_time_slice=60',
setvar:'tx.dos_counter_threshold=100',
setvar:'tx.dos_block_timeout=600'"
All the Best
CG
The text was updated successfully, but these errors were encountered: