search for: ewox

...1.2.6 tested, 1.3 is vulnerable according to Ben Laurie [Apache member]) doesn''t handle the case, when there are a lot (say 10000) of "User-Agent:"-headers. (other headers could also work!). An exploit with source-code was posted on BugTraq. excerpts from the mail by <finrod@EWOX.ORG>: | There seems to be a simple way of badly DoSing any Apache server. It | involved a massive memory leak in the way it handles incoming request | headers. I based my exploit on the assumption that they use setenv() | (which they don''t) and that the bug occurs when you send a header...

...and 1.2.6 tested, 1.3 is vulnerable according to Ben Laurie [Apache member]) doesn't handle the case, when there are a lot (say 10000) of "User-Agent:"-headers. (other headers could also work!). An exploit with source-code was posted on BugTraq. excerpts from the mail by <finrod@EWOX.ORG>: | There seems to be a simple way of badly DoSing any Apache server. It | involved a massive memory leak in the way it handles incoming request | headers. I based my exploit on the assumption that they use setenv() | (which they don't) and that the bug occurs when you send a header that...