[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack

Zed A. Shaw zedshaw at zedshaw.com
Thu Oct 26 17:00:17 EDT 2006


On Thu, 26 Oct 2006 10:11:36 -0400
"Ian C. Blenke" <ian at blenke.com> wrote:

> Zed A. Shaw wrote:
> 
> We're using debian ruby 1.8.4-1, apache 2.2.3, mod_proxy_balancer, no 
> camping, and mongrel 0.3.13.5 (is this pre-0.3.14?) plus the patch for 
> svn rev 356, and ruby cvs cgi.rb rev 1.19. I haven't seen any missing 
> file errors in the apache logs since the upgrade from 0.3.13.3.

What's this "patch for svn rev 356" you speak of?  Is it something I should include?

-- 
Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu
http://www.zedshaw.com/
http://safari.oreilly.com/0321483502 -- The Mongrel Book
http://mongrel.rubyforge.org/
http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.


More information about the Mongrel-users mailing list