oss-sec mailing list archives

Re: CVE request: Monkey HTTPD - DoS due bug on Range header handling


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 10 Jun 2013 14:33:33 -0600


On 06/07/2013 07:25 PM, Felipe Pena wrote:
I've found an issue in the way Monkey HTTPD handles the Range HTTP header
when receiving Range:bytes=N-N where N is the exact file size, which causes
the thread to go into an infinite loop, hence keeping the server busy on each
request until a server shutdown.

More details on bug report at http://bugs.monkey-project.com/ticket/184

Please use CVE-2013-2163 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
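The boundary case reported above (first byte position equal to the file size), shown as an added example that is not part of the original messages and is not Monkey's code: a single-range validator that answers 416 before any send loop can start at an offset with zero bytes left. The names `resolve_range` and `struct byte_range`, and the choice to answer 400 for malformed input, are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Hypothetical result type for this example (not Monkey's API). */
struct byte_range { long long start, end; };

/* Parse one unsigned decimal field; 0 on success, -1 if empty or invalid. */
static int parse_pos(const char *s, const char **next, long long *out)
{
    char *e;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoll(s, &e, 10);
    if (errno == ERANGE) return -1;
    *next = e;
    return 0;
}

/*
 * Resolve a single-range "bytes=..." value against a file of `size` bytes.
 * Returns 206 with *r filled (inclusive offsets, both < size),
 * 416 when the range cannot be satisfied, or 400 when malformed.
 */
int resolve_range(const char *value, long long size, struct byte_range *r)
{
    const char *p = value;
    long long a, b;

    if (strncmp(p, "bytes=", 6) != 0) return 400;
    p += 6;
    if (*p == '-') {                        /* suffix form: last N bytes */
        if (parse_pos(p + 1, &p, &b) || *p != '\0') return 400;
        if (b == 0 || size == 0) return 416;
        r->start = b >= size ? 0 : size - b;
        r->end = size - 1;
        return 206;
    }
    if (parse_pos(p, &p, &a) || *p++ != '-') return 400;
    if (*p == '\0') {
        b = size - 1;                       /* open-ended: to end of file */
    } else if (parse_pos(p, &p, &b) || *p != '\0' || b < a) {
        return 400;
    }
    /* The case from the report: a first byte equal to the file size lies
     * past the last valid offset (size - 1), so nothing can be sent. */
    if (a >= size) return 416;
    if (b >= size) b = size - 1;            /* clamp an over-long end */
    r->start = a;
    r->end = b;
    return 206;
}
```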

