On 12/29/2011 08:06 AM, Reindl Harald wrote:
On 29.12.2011 14:59, Johnny Hughes wrote:
That flaw has absolutely no "access" component. It allows a DDOS attack; it does not provide remote access to a machine.
From the bug:
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. (CVE-2011-3192)
How is that relevant to allowing access to someone's server?
and if you have a webserver and the webserver can be easily killed with a DOS, the bug is CRITICAL; if you can kill any PUBLIC SERVICE remotely, a bug is CRITICAL
I did not define it, bozo, so stop your bullshit on this list. I have already pointed to how the classifications are done.
what exactly do you not understand while these are simple facts - your definition of critical is broken if you think anything where you can not get into the machine is not
Who the hell do you think you are? You will be banned from posting on this list if you cannot act appropriately.
and yes, I tried the demo-exploits, which killed a quad-core with 16 GB memory within some seconds
For those of you who did not see how the categories are defined, here it is: