2006 Nov 10
[SEC] Latest LiteSpeed ruby-lsapi is not vulnerable to the cgi.rb 99% CPU DoS attack
Hi,
First, my thanks to Zed for including LiteSpeed in the cgi.rb vulnerability
report. Appreciated!
I just got time to review ruby-lsapi code and test the vulnerability
against LiteSpeed.
I found that, in our latest ruby-lsapi release 1.11, the lsapi_read()
function returns Qnil when the end of the request body has been reached. So,
in theory, LiteSpeed should not be vulnerable to this attack.
Our test results confirmed what I expected: a 500 Internal Server Error
was returned immediately upon receiving the bad multipart request.
However, it is unsure wh...