Full Disclosure mailing list archives

Netscape Communicator META Refresh Denial of Service


From: full-disclosure () lists netsys com (Matthew Murphy)
Date: Sat, 20 Jul 2002 12:53:08 -0500

The "META" tag can be used to specify several things, including
document properties and HTTP headers.  Among the HTTP
header equivalents it can specify is a "Refresh" member.

Refresh has this syntax:

<meta http-equiv="refresh" content="[delay]; URL=[page]">

delay - A number of seconds to wait for reload.  If omitted,
no delay is observed and the page is refreshed immediately.

page - This is the URL to navigate to when the refresh occurs.

If a META Refresh navigates to itself with no delay, Netscape
will loop, causing a stupid DoS.

I tested this on Netscape 6.2.1 for Win9x/Me, but other versions
may be vulnerable.

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown
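
Added example, not part of the original post: a Python check that a proxy or content filter could run over HTML to flag the condition described above, a META Refresh with no delay whose target is the document itself. The function names, the example.test URLs and the sample tags are constructed for illustration, and treating an empty URL as "this document" is an assumption of the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag

_NUM = re.compile(r"\d+(\.\d*)?")

class _MetaRefresh(HTMLParser):
    """Collects the content= value of every <meta http-equiv="refresh">."""
    def __init__(self):
        super().__init__()
        self.contents = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute names arrive lowercased
        if tag == "meta" and (a.get("http-equiv") or "").strip().lower() == "refresh":
            self.contents.append(a.get("content") or "")

def parse_refresh(content):
    """Split '[delay]; URL=[page]' into (delay_seconds, page)."""
    head, sep, tail = content.partition(";")
    head = head.strip()
    if not sep and not _NUM.fullmatch(head):
        head, tail = "", head  # delay omitted entirely: whole value is the URL part
    delay = float(head) if _NUM.fullmatch(head) else 0.0  # omitted = immediate
    page = re.sub(r"(?i)^\s*url\s*=\s*", "", tail).strip().strip("'\"")
    return delay, page

def self_refresh_loops(html, doc_url):
    """Return (delay, target) for each zero-delay refresh that points at doc_url."""
    parser = _MetaRefresh()
    parser.feed(html)
    me = urldefrag(doc_url).url  # ignore #fragment when comparing
    hits = []
    for content in parser.contents:
        delay, page = parse_refresh(content)
        # Assumption: an empty page resolves to the document itself.
        target = urldefrag(urljoin(doc_url, page)).url
        if delay == 0 and target == me:
            hits.append((delay, target))
    return hits

# Constructed sample input (not taken from any real site).
DOC_URL = "http://example.test/loop.html"
LOOP = '<meta http-equiv="refresh" content="0; URL=loop.html">'
OMITTED = '<META HTTP-EQUIV="Refresh" CONTENT="URL=http://example.test/loop.html">'
DELAYED = '<meta http-equiv="refresh" content="30; URL=loop.html">'
REDIRECT = '<meta http-equiv="refresh" content="0; URL=next.html">'
```
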


