[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-developers] Fwd: CERT Advisory CA-2002-17 Apache WebServer Chunk HandlingVulnerability
- Subject: RE: [cobalt-developers] Fwd: CERT Advisory CA-2002-17 Apache WebServer Chunk HandlingVulnerability
- From: "William L. Thomson Jr." <support@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed Jun 19 13:58:17 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
On Wed, 2002-06-19 at 13:23, Matthew Nuzum wrote:
>
> If someone wanted to DOS your webserver, they certainly wouldn't need to
> be this fancy. As a matter of fact, they could probably be more
> effective by just swamping your server with requests.
>
> I'll bet you could write a 60K program that could eat up an 8MB apache
> child process. A couple thousand of those would be nothing for a modern
> PC to run but would easily cripple a heavy duty server.
>
> Whatever preventive measures protect you from standard DOS and DDOS
> attacks should prevent anyone from exploiting this weakness in such a
> way.
True, but is that a reason to ignore the vunerability, and not upgrade
Apache?
> Matthew Nuzum
> www.bearfruit.org
> cobalt@xxxxxxxxxxxxx
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com