What HTTP exploit?
Jason Dixon
jason at dixongroup.net
Mon May 31 17:18:29 UTC 2004
On May 31, 2004, at 12:45 PM, Bob Martin wrote:
> The real irony is that it doesn't bother Apache running on NT :)
>
> In all fairness, somewhere along the line there was a patch for this.
> All my Apache servers do is put "request failed: URI too long" in the
> error log. Even without the fix it really wasn't anything more than a
> nuisance. Killing off one child process had no effect on valid
> sessions or the parent process.
This also has no effect on Apache 1.3.28 on OpenBSD 3.4 (-stable),
other than logging an extremely long request string. Of course, the
OpenBSD folks audit/patch their own version of Apache, so it might have
the patch you mention.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
More information about the NANOG
mailing list