[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Apache Killer



> just for the record I have the impression that this not the same vulnerability
> you outlined in your advisory a while back. It is more that the idea
> for this vulnerability originated from your advisory, not the same bug.

I don't think this even matters, and I really don't disagree...

In 2007, I noticed that their Range handling is silly, and may prompt
them to generate very large responses.

I casually proposed a window scaling-based attack back then, and
nothing happened.

My understanding is that your exploit is based on the same principle
(I don't think they fixed this in any way), but combines it with
protocol-level compression to force the server to waste some memory
and CPU resources to compress the response beforehand.

But in any case, life goes on, it's just a DoS. Good that they're fixing it...

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/