Comment 4 for bug 392759
Revision history for this message
| Jonathan Marsden (jmarsden) wrote Re: apache2 DoS attack using slowloris | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Dekar: Did you actually test this at all? Please provide some evidence to support your claims.
You have said that you believe this issue is:
> A real problem, exploitable for many people in a default
> installation. Includes serious remote denial of services,
> local root privilege escalations, or data loss.
The default installation, when one installs apache2 using
sudo apt-get install apache2
uses the apache2-mpm-prefork module, not apache2-mpm-worker. The article by LiraNuna clearly states:
I assume you are using the threaded version of Apache, else you are not vulnerable to this type of attack.
Please justify your claims about this being a high priority issue, affecting many people in the default installation, in the light of this.
More generally, if you believe this to be a significant issue for many people, rather than making unfounded statements here, please do the community a service and package the module that you wish to see included in Ubuntu :)