Re: Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667)

From: Ivan Hernandez (ivan.hernandezat_private)
Date: Wed Mar 06 2002 - 10:41:11 PST

Next message: Richard Hamnett: "Re: Rumours about Apache 1.3.22 exploits"

Previous message: adamb: "Re: Rumours about Apache 1.3.22 exploits"
In reply to: Bob at firstcodings: "Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Your understood is correct. Your patch would solve the problem correctly !

Ivan Hernandez

Bob at firstcodings wrote:

> Hi members,
>
>I think no patch has been released at this day.... so, I wrote one myself
>using ISAPI filters.
>As I understood RFCs, a hit generated by a "GET" method, does not need the
>"Content-Length:" header. If this is true, I think my filter is correct.
>
>The page is http://bob.firstcodings.com/programs/dropcontentlengthget/
>(source code is included). For now, please consider this filter as "beta
>release".
>I installed this filter on a production server which has an average load :
>after 2 days and at this point, all is fine. Above all, exploit described in
>bid 3667 does not work anymore.
>
>Thanks to email me at "dropContentLengthGetat_private" for any
>comments/feedbacks/suggestions about this filter.
>
>
>Bob - firstcodings.
>P.S : my english may not be correct, sorry :)
>
>

Next message: Richard Hamnett: "Re: Rumours about Apache 1.3.22 exploits"
Previous message: adamb: "Re: Rumours about Apache 1.3.22 exploits"
In reply to: Bob at firstcodings: "Patch for the "Microsoft IIS False Content-Length Field DoS Vulnerability" (bid 3667)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 06 2002 - 13:25:17 PST