oss-sec mailing list archives
Re: CVE request: Monkey HTTPD - DoS due bug on Range header handling
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 10 Jun 2013 14:33:33 -0600
On 06/07/2013 07:25 PM, Felipe Pena wrote:
I've found an issue in the way Monkey HTTPD handles the Range HTTP header when receiving Range:bytes=N-N where N is the exact file size, which causes the thread to go into an infinite loop, hence keeping the server busy on each request until a server shutdown. More details in the bug report at http://bugs.monkey-project.com/ticket/184
Please use CVE-2013-2163 for this issue.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
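The boundary case described in the report, as an added example that is not Monkey's code or part of the original thread: a hypothetical `resolve_range()` helper that rejects a first byte position equal to the file size (valid offsets run from 0 to size-1) before any transfer loop starts. The function name, the return codes and the single-range restriction are assumptions made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Monkey's code): resolve one "bytes=..." range
 * against a file of `size` bytes. 206 = satisfiable (first/last inclusive),
 * 416 = not satisfiable, 400 = malformed (a choice made for this example). */
enum { RANGE_OK = 206, RANGE_BAD = 400, RANGE_UNSAT = 416 };

/* Parse an unsigned decimal run at *p; returns 0 on success. */
static int parse_num(const char **p, long long *out)
{
    char *end;
    if (!isdigit((unsigned char)**p)) return -1;
    errno = 0;
    *out = strtoll(*p, &end, 10);
    if (errno == ERANGE) return -1;
    *p = end;
    return 0;
}

int resolve_range(const char *value, long long size,
                  long long *first, long long *last)
{
    const char *p = value;
    long long a, b;
    if (strncmp(p, "bytes=", 6) != 0) return RANGE_BAD;
    p += 6;
    if (*p == '-') {                      /* suffix form: last N bytes */
        p++;
        if (parse_num(&p, &b) || *p != '\0') return RANGE_BAD;
        if (b == 0 || size == 0) return RANGE_UNSAT;
        *first = b >= size ? 0 : size - b;
        *last = size - 1;
        return RANGE_OK;
    }
    if (parse_num(&p, &a) || *p++ != '-') return RANGE_BAD;
    if (*p == '\0') {
        b = size - 1;                     /* open-ended form: "a-" */
    } else if (parse_num(&p, &b) || *p != '\0' || b < a) {
        return RANGE_BAD;
    }
    /* first == size is one past the last valid offset: nothing to send. */
    if (a >= size) return RANGE_UNSAT;
    *first = a;
    *last = b >= size ? size - 1 : b;     /* clamp to end of file */
    return RANGE_OK;
}
```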