Full Disclosure mailing list archives
Re: Apache Killer
From: "HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>
Date: Thu, 25 Aug 2011 06:43:06 +0200
Hi Michal, just for the record I have the impression that this not the same vulnerability you outlined in your advisory a while back. It is more that the idea for this vulnerability originated from your advisory, not the same bug. Actually I even think that the while back when you released the advisory there was a patch for both Apache and IIS by limiting the maximal Byte Range headers slightly. This is a feeling I got over years of fuzzing for httpd bugs. Regards, Kingcope 2011/8/24 HI-TECH . <isowarez.isowarez.isowarez () googlemail com>:
Hi Michal, What do you think from where this originated ? Was you outlining it a while back :) /kc 2011/8/24 Michal Zalewski <lcamtuf () coredump cx>:http://www.gossamer-threads.com/lists/apache/dev/401638FWIW, I pointed out the DoS-iness of their Range handling a while ago: http://seclists.org/bugtraq/2007/Jan/83 /mz
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apache Killer, (continued)
- Re: Apache Killer Levente Peres (Aug 20)
- Re: Apache Killer -= Glowing Sex =- (Aug 23)
- Re: Apache Killer nix (Aug 23)
- Re: Apache Killer -= Glowing Sex =- (Aug 23)
- Message not available
- Message not available
- Re: Apache Killer -= Glowing Sex =- (Aug 23)
- Re: Apache Killer HI-TECH . (Aug 22)
- Re: Apache Killer Michal Zalewski (Aug 23)
- Re: Apache Killer -= Glowing Sex =- (Aug 23)
- Re: Apache Killer HI-TECH . (Aug 24)
- Re: Apache Killer HI-TECH . (Aug 24)
- Re: Apache Killer Michal Zalewski (Aug 24)
- Re: Apache Killer HI-TECH . (Aug 24)
- Re: Apache Killer Dirk-Willem van Gulik (Aug 25)