[15156] in bugtraq

Re: IBM HTTP SERVER / APACHE (DoS)

daemon@ATHENA.MIT.EDU (H D Moore)
Thu Jun 1 22:27:00 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <393682E9.8A86A2D2@secureaustin.com>
Date:         Thu, 1 Jun 2000 10:36:09 -0500
Reply-To: H D Moore <hdm@SECUREAUSTIN.COM>
From: H D Moore <hdm@SECUREAUSTIN.COM>
X-To:         Marek Roy <marek_roy@HOTMAIL.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,

I could not reproduce the crash detailed below, but have been seeing
some odd inconsistent behavior when requesting URLs like:

/DIR/%2e%2e%2e%2e/%2f - would sometimes return double HTTP headers ???

Another interesting tidbit; the Win32 server sees the con/aux/com1
devices and attempting to request them gives a 403 Access Denied.  It
also seems to dislike <> chars in the requests...

-HD


I wrote:
[ snip ]
> and the server told me /DIR/... was not found...
> And finally I tried:
>
>         GET /DIR/%2e%2f%2e%2e%2e HTTP/1.0
>
> And the server simply crashed, burned, and stopped accepting
> connections.  Whether the DoS was triggered by the earlier request
> containing the null character or the single %2e%2f sequence is unknown.
> Since I did not have access to the test machine's console, I don't know
> what the impact besides the obvious DoS is...
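
The request shapes mentioned in this message (percent-encoded dots and slashes, runs of dots as a path segment, a null character, Win32 device names such as con/aux/com1, and `<>` characters) can be looked for in web server access logs. The following is an added example, not code from the original post or from either server project; the function names, reason labels and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Windows reserved device names; con, aux and com1 are the ones named in the post.
DEVICE_NAMES = ({"con", "aux", "nul", "prn"}
                | {f"com{i}" for i in range(1, 10)}
                | {f"lpt{i}" for i in range(1, 10)})
# Request line as it appears in a Common Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify_path(raw_path):
    """Return a sorted list of reasons a raw request path looks anomalous."""
    reasons = set()
    # Ordinary clients send '.' and '/' literally, so the encoded form stands out.
    if re.search(r"%2e|%2f", raw_path, re.I):
        reasons.add("encoded-dot-or-slash")
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        reasons.add("null-byte")
    if "<" in decoded or ">" in decoded:
        reasons.add("angle-bracket")
    for segment in decoded.split("/"):
        if re.fullmatch(r"\.{3,}", segment):
            reasons.add("dot-run-segment")
        elif segment == "..":
            reasons.add("parent-traversal")
        # Device names are reserved with or without an extension (con, con.txt).
        if segment.split(".")[0].lower() in DEVICE_NAMES:
            reasons.add("win32-device-name")
    return sorted(reasons)

def scan(log_lines):
    """Map each flagged request path in the log to its list of reasons."""
    hits = {}
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and (reasons := classify_path(m.group(1))):
            hits[m.group(1)] = reasons
    return hits

SAMPLE_LOG = [  # constructed log lines, documentation addresses only
    '192.0.2.10 - - [01/Jun/2000:10:30:01 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [01/Jun/2000:10:30:05 -0500] "GET /DIR/%2e%2e%2e%2e/%2f HTTP/1.0" 200 0',
    '192.0.2.10 - - [01/Jun/2000:10:30:09 -0500] "GET /DIR/%2e%2f%2e%2e%2e HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jun/2000:10:30:12 -0500] "GET /com1 HTTP/1.0" 403 0',
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG).items():
        print(path, reasons)
```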