Bugtraq mailing list archives
Re: HTTP REQUEST_METHOD flaw
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Fri, 8 Jan 1999 20:14:37 +0000
Christopher Masto wrote:
Sending a null, by the way, results in this interesting effect: 209.54.21.199 - - [07/Jan/1999:14:35:27 -0500] "ÿôÿý" 501 - "-" "-" (Perhaps that will be mutilated by non 8-bit mail transport.. it's the four characters ff f4 ff fd)
Not. That's you somehow inducing your telnet client to try to do some negotiation. Naturally, Apache doesn't do telnet negotiation. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Current thread:
- Re: HTTP REQUEST_METHOD flaw Sevo Stille (Jan 06)
- Re: HTTP REQUEST_METHOD flaw Christopher Masto (Jan 07)
- Re: HTTP REQUEST_METHOD flaw Jonathan A. Zdziarski (Jan 07)
- Re: HTTP REQUEST_METHOD flaw Kenneth Albanowski (Jan 08)
- <Possible follow-ups>
- Re: HTTP REQUEST_METHOD flaw Henrik Nordstrom (Jan 07)
- Re: HTTP REQUEST_METHOD flaw Ben Laurie (Jan 08)