Bugtraq mailing list archives

Re: HTTP REQUEST_METHOD flaw

From: ben () ALGROUP CO UK (Ben Laurie)
Date: Fri, 8 Jan 1999 20:14:37 +0000


Christopher Masto wrote:

Sending a null, by the way, results in this interesting effect:

209.54.21.199 - - [07/Jan/1999:14:35:27 -0500] "ÿôÿý" 501 - "-" "-"

(Perhaps that will be mutilated by non 8-bit mail transport.. it's the
four characters ff f4 ff fd)


Not. That's you somehow inducing your telnet client to try to do some
negotiation. Naturally, Apache doesn't do telnet negotiation.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Current thread:

Re: HTTP REQUEST_METHOD flaw Sevo Stille (Jan 06)
- Re: HTTP REQUEST_METHOD flaw Christopher Masto (Jan 07)
- Re: HTTP REQUEST_METHOD flaw Jonathan A. Zdziarski (Jan 07)
  - Re: HTTP REQUEST_METHOD flaw Kenneth Albanowski (Jan 08)
- <Possible follow-ups>
- Re: HTTP REQUEST_METHOD flaw Henrik Nordstrom (Jan 07)
- Re: HTTP REQUEST_METHOD flaw Ben Laurie (Jan 08)