Created attachment 30607 [details] webroot files wget --http-user='username' --http-password='password' -S http://localhost:801/digest/nc/index.html -O /dev/null [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/local/apache2/bin/httpd -k start'. Program terminated with signal 8, Arithmetic exception. #0 0x00007f3bfab91978 in add_client (key=12, info=0x7f3bf76f3950, s=0x1e4b508) at mod_auth_digest.c:845 845 bucket = key % client_list->tbl_len; Missing separate debuginfos, use: debuginfo-install apr-1.4.6-1.fc17.x86_64 apr-util-1.4.1-2.fc17.x86_64 db4-4.8.30-10.fc17.x86_64 expat-2.1.0-1.fc17.x86_64 libgcc-4.7.2-2.fc17.x86_64 libuuid-2.21.2-4.fc17.x86_64 nss-mdns-0.10-10.fc17.x86_64 nss-myhostname-0.3-2.fc17.x86_64 nss-softokn-freebl-3.14.3-1.fc17.x86_64 pcre-8.21-7.fc17.x86_64 (gdb) bt #0 0x00007f3bfab91978 in add_client (key=12, info=0x7f3bf76f3950, s=0x1e4b508) at mod_auth_digest.c:845 #1 0x00007f3bfab92881 in gen_client (r=0x7f3be0002970) at mod_auth_digest.c:1137 #2 0x00007f3bfab92c49 in note_digest_auth_failure (r=0x7f3be0002970, conf=0x7f3be0009e68, resp=0x7f3be0003e40, stale=0) at mod_auth_digest.c:1275 #3 0x00007f3bfab943a8 in authenticate_digest_user (r=0x7f3be0002970) at mod_auth_digest.c:1732 #4 0x000000000044624c in ap_run_check_user_id (r=0x7f3be0002970) at request.c:79 #5 0x000000000044752c in ap_process_request_internal (r=0x7f3be0002970) at request.c:233 #6 0x000000000046e3b8 in ap_process_async_request (r=0x7f3be0002970) at http_request.c:315 #7 0x000000000046a8d9 in ap_process_http_async_connection (c=0x7f3bf0003220) at http_core.c:143 #8 0x000000000046aac5 in ap_process_http_connection (c=0x7f3bf0003220) at http_core.c:228 #9 0x000000000045fb75 in ap_run_process_connection (c=0x7f3bf0003220) at connection.c:41 #10 0x0000000000478ac9 in process_socket (thd=0x1e4dff0, p=0x7f3bf0002f18, sock=0x7f3bf0002fa0, cs=0x7f3bf00031a8, my_child_num=1, my_thread_num=1) at event.c:964 #11 0x000000000047b0b7 in worker_thread (thd=0x1e4dff0, dummy=0x7f3bf0000a10) at event.c:1812 #12 0x0000003d75207d14 in start_thread (arg=0x7f3bf76f4700) at pthread_create.c:309 #13 0x0000003d74af168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 (gdb) p key $1 = 12 (gdb) p client_list $2 = (struct hash_table *) 0x7f3bfd045030 (gdb) p *client_list $3 = {table = 0x0, tbl_len = 0, num_entries = 0, num_created = 0, num_removed = 0, num_renewed = 0} httpd config same as #55284 - effectively an AllowOverwride all on the webroot. webroot .htaccess files attached.
found this link containing a bit of analysis http://crypto.junod.info/2013/03/25/awakening-zombie-code-in-apache-httpd/