Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: a cheesy Apache / IIS DoS vuln (+a question)
Jan 04 2007 05:35AM
William A. Rowe, Jr. (wrowe rowe-clan net)
Michal Zalewski wrote:
> I feel silly for reporting this, but I couldn't help but notice that
> Apache and IIS both have a bizarro implementation of HTTP/1.1 "Range"
> header functionality (as defined by RFC 2616). Their implementations allow
> the same fragment of a file to be requested an arbitrar...
[ more ]
Copyright 2010, SecurityFocus