What HTTP exploit?

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): Tracking the bad guys
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On May 31, 2004, at 12:45 PM, Bob Martin wrote:

>  The real irony is that it doesn't bother Apache running on NT :)
>
>  In all fairness, somewhere along the line there was a patch for this. 
> All my Apache servers do is put "request failed: URI too long" in the 
> error log. Even without the fix it really wasn't anything more than a 
> nuisance. Killing off one child process had no effect on valid 
> sessions or the parent process.

This also has no effect on Apache 1.3.28 on OpenBSD 3.4 (-stable), 
other than logging an extremely long request string.  Of course, the 
OpenBSD folks audit/patch their own version of Apache, so it might have 
the patch you mention.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): Tracking the bad guys
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]