Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
a cheesy Apache / IIS DoS vuln (+a question)
Jan 03 2007 11:27PM
Michal Zalewski (lcamtuf dione ids pl)
I feel silly for reporting this, but I couldn't help but notice that
Apache and IIS both have a bizarro implementation of HTTP/1.1 "Range"
header functionality (as defined by RFC 2616). Their implementations allow
the same fragment of a file to be requested an arbitrary number of times,
and each red...
[ more ]
Copyright 2010, SecurityFocus