Bugtraq mailing list archives
Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall
From: Peter Pentchev <roam () ringlet net>
Date: Tue, 1 Apr 2003 10:49:58 +0300
On Mon, Mar 31, 2003 at 10:00:26AM +0400, Dmitry Maksimov wrote: [snip]
Positive Technologies reports that single simple HTTP request to Kerio Winroute Firewall Web administration interface (TCP/4080) GET / HTTP/1.0 Authorization: Basic XXX instead of correct one: GET / HTTP/1.0 Host: server Authorization: Basic XXX causes 100% CPU utilization of attacked computer.
Hmm. Correct me if I'm wrong, but IMHO version 1.0 of the HTTP protocol does *not* require a Host header in the request. The Host header is a requirement in HTTP/1.1 for virtual hosting, isn't it? Thus, an HTTP/1.0 request without a Host header is perfectly valid, and expected. This would mean that this application breaks not only on invalid requests, but also on legitimate ones. G'luck, Peter -- Peter Pentchev roam () ringlet net roam () sbnd net roam () FreeBSD org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am jealous of the first word in this sentence.
Attachment:
_bin
Description:
Current thread:
- Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall Peter Pentchev (Apr 02)