Nmap Development mailing list archives

[NSE] New script and email update patch

From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 21 Aug 2011 01:33:35 +0100

Hi,

I have a new script and need some feedback. It's based in a pretty recent 
Full-Disclosure thread [1], from the script description:

Verifies if a host running Apache HTTP server migth be vulnerable to a memory 
exhaustion based DoS. The script sends a HEAD request that only accepts gzip 
encoding, triggering the Apache mod_gzip/mod_deflate module. If the server 
responds with a 206 status code, then it is highly probable that the server is 
vulnerable.

If possible I would like to update my e-mail in the smtp-open-relay and smtp-
enum-users scripts ;)

[1] http://seclists.org/fulldisclosure/2011/Aug/175

New script and patch in the attachments as usual, regards
Duarte Silva

Developer/Security Consultant
SerializingMe

Address:
Rual Aldeia Velha, nº 41, 3º esq
2870-267 Montijo
Setúbal - Portugal

Cell: (+351) 96 933 70 83

Attachment: http-apache-gzip-dos.nse
Description:

Attachment: email-update.patch
Description:

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] New script and email update patch Duarte Silva (Aug 20)
- Re: [NSE] New script and email update patch Henri Doreau (Aug 25)