Vulnerability Development mailing list archives

Re: apache chunked encoding


From: David Bernick <bernz () bernztech org>
Date: Thu, 20 Jun 2002 15:48:53 -0400



I was playing a bit with the chunked encoding vulnerability and found the
following. When I send a request to Apache 1.3.24 using malformed
chunked encoding, the httpd process goes into an infinite loop and CPU load
grows to 100%. Example:
I've tried it with 1.3.23 - 1.3.26 on Linux on both X86 and Alpha.
With 5000 'A' characters, a segmentation fault is spawned from a child process:

    [Thu Jun 20 20:05:31 2002] [notice] child pid 27769 exit signal Segmentation fault (11)

This uses SOME resources, but nothing alarming. Putting a larger array of characters, let's say 9000, throws:

    xxx.xx.xx.xx - - [20/Jun/2002:20:10:07 -0400] "POST http://xxxxxx.xxx HTTP/1.1" 400 59 "-" "-"

If I put your code into a loop, it uses up tons of resources on the target server, but a single request does very little, at least on my end.

d

--
David Bernick
bernz () bernztech org

Any excuse will serve a tyrant.
                -- Aesop
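
A defender-side check for the behaviour described in the message above, added here as an example and not part of the original post: it scans an Apache error_log for the child-crash notice quoted in the message and reports bursts of segmentation faults. The function names, the threshold and window values, and every sample line except the one quoted in the post are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Apache 1.3 error_log notice for a child killed by a signal (format as quoted in the post).
CRASH_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4})\] "
    r"\[notice\] child pid (?P<pid>\d+) exit signal (?P<sig>.+?) \((?P<num>\d+)\)"
)

def parse_crash(line):
    """Return (timestamp, pid, signal number) for a child-crash notice, else None."""
    m = CRASH_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, int(m.group("pid")), int(m.group("num"))

def crash_bursts(lines, threshold=3, window=timedelta(seconds=60), signum=11):
    """Return (first, last, count) whenever >= threshold crashes fall inside window."""
    recent, alerts = deque(), []
    for line in lines:
        parsed = parse_crash(line)
        if parsed is None or parsed[2] != signum:
            continue  # not a crash notice, or a different signal
        ts = parsed[0]
        recent.append(ts)
        while ts - recent[0] > window:  # drop crashes older than the window
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((recent[0], ts, len(recent)))
    return alerts

# Constructed sample log; only the 20:05:31 line is taken from the post.
SAMPLE = [
    "[Thu Jun 20 20:04:00 2002] [notice] Apache/1.3.24 (Unix) configured -- resuming normal operations",
    "[Thu Jun 20 20:05:31 2002] [notice] child pid 27769 exit signal Segmentation fault (11)",
    "[Thu Jun 20 20:05:40 2002] [notice] child pid 27770 exit signal Segmentation fault (11)",
    "[Thu Jun 20 20:05:45 2002] [notice] child pid 27771 exit signal Bus error (7)",
    "[Thu Jun 20 20:05:52 2002] [notice] child pid 27772 exit signal Segmentation fault (11)",
    "[Thu Jun 20 20:10:07 2002] [notice] child pid 27773 exit signal Segmentation fault (11)",
]

if __name__ == "__main__":
    for first, last, count in crash_bursts(SAMPLE):
        print(f"{count} child segfaults between {first} and {last}")
```

A single crash notice, like the one in the post, stays below the threshold; the repeated-request case the poster describes is what produces a burst.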



