[70907] in North American Network Operators' Group
Re: What HTTP exploit?
daemon@ATHENA.MIT.EDU (Jason Dixon)
Mon May 31 13:19:22 2004
In-Reply-To: <40BB611A.6010201@buckhorn.net>
From: Jason Dixon <jason@dixongroup.net>
Date: Mon, 31 May 2004 13:18:29 -0400
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On May 31, 2004, at 12:45 PM, Bob Martin wrote:
> The real irony is that it doesn't bother Apache running on NT :)
>
> In all fairness, somewhere along the line there was a patch for this.
> All my Apache servers do is put "request failed: URI too long" in the
> error log. Even without the fix it really wasn't anything more than a
> nuisance. Killing off one child process had no effect on valid
> sessions or the parent process.
This also has no effect on Apache 1.3.28 on OpenBSD 3.4 (-stable),
other than logging an extremely long request string. Of course, the
OpenBSD folks audit/patch their own version of Apache, so it might have
the patch you mention.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
