Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What HTTP exploit?

  • From: Jason Dixon
  • Date: Mon May 31 13:21:06 2004

On May 31, 2004, at 12:45 PM, Bob Martin wrote:

The real irony is that it doesn't bother Apache running on NT :)

In all fairness, somewhere along the line there was a patch for this. All my Apache servers do is put "request failed: URI too long" in the error log. Even without the fix it really wasn't anything more than a nuisance. Killing off one child process had no effect on valid sessions or the parent process.
This also has no effect on Apache 1.3.28 on OpenBSD 3.4 (-stable), other than logging an extremely long request string. Of course, the OpenBSD folks audit/patch their own version of Apache, so it might have the patch you mention.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.