IDS mailing list archives

UTF-16 and premature request ending evasion


From: "Cox, Michael" <mscox () ti com>
Date: Tue, 28 Jan 2003 09:25:23 -0600

Can anyone give me an example of a webserver that will respond to UTF-16
(%HH%HH) encoding or the "Premature request ending" tactic outlined in RFP's
paper (respond with something other than an error, I mean, for all you wise
guys out there :-)? How prevalent is susceptibility to these two techniques
in particular (in terms of the web server, not the IDS)?

Thanks!
Michael

