|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: IBM HTTP SERVER / APACHE (DoS)
From: H D Moore (hdm
SECUREAUSTIN.COM)Date: Thu Jun 01 2000 - 10:36:09 CDT
- Next message: Kit Knox: "[rootshell.com] Xterm DoS Attack"
- Previous message: Eric Andry: "Netwin's Dmail package"
- Next in thread: H D Moore: "Re: IBM HTTP SERVER / APACHE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I could not reproduce the crash detailed below, but have been seeing
some odd inconsistent behavior when requesting URLs like:
/DIR/%2e%2e%2e%2e/%2f - would sometimes return double HTTP headers ???
Another interesting tidbit; the Win32 server sees the con/aux/com1
devices and attempting to request them gives a 403 Access Denied. It
also seems to dislike <> chars in the requests...
-HD
I wrote:
[ snip ]
> and the server told me /DIR/... was not found...
> And finally I tried:
>
> GET /DIR/%2e%2f%2e%2e%2e HTTP/1.0
>
> And the server simple crashed, burned, and stopped accepting
> connections. Whether the DoS was triggered by the earlier request
> containing the null character or the single %2e%2f sequence is unknown.
> Since I did not have access to the test machine's console, I dont know
> what the impact besides the obvious DoS is...
- Next message: Kit Knox: "[rootshell.com] Xterm DoS Attack"
- Previous message: Eric Andry: "Netwin's Dmail package"
- Next in thread: H D Moore: "Re: IBM HTTP SERVER / APACHE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]