North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: What HTTP exploit?
- From: Jason Dixon
- Date: Mon May 31 13:21:06 2004
On May 31, 2004, at 12:45 PM, Bob Martin wrote:
The real irony is that it doesn't bother Apache running on NT :)
This also has no effect on Apache 1.3.28 on OpenBSD 3.4 (-stable),
other than logging an extremely long request string. Of course, the
OpenBSD folks audit/patch their own version of Apache, so it might have
the patch you mention.
In all fairness, somewhere along the line there was a patch for this.
All my Apache servers do is put "request failed: URI too long" in the
error log. Even without the fix it really wasn't anything more than a
nuisance. Killing off one child process had no effect on valid
sessions or the parent process.
Jason Dixon, RHCE