DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28193>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28193 Webdav Exploit - DOS Vulnerability Apache 1.3.x Series ------- Additional Comments From [EMAIL PROTECTED] 2004-04-05 02:27 ------- I need to add IP Address blocking via directives cannot be used to defeat Webdav exploits. There is simply no mechanism in Apache 1.3.x to prevent these Webdav exploits. Apache is wide open for abuse by Webdav exploits should someone realize there is no known defense mechanism for DOS attacks employing this exploit; any byte length can be sent at any timing intervals, and Apache accepts it consuming CPU resources and memory at an alarming rate. Just a matter of time before a "script kiddie" figures this out. Thanks for taking time to read my bug report, Kira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
