Hi Michal, just for the record I have the impression that this not the same vulnerability you outlined in your advisory a while back. It is more that the idea for this vulnerability originated from your advisory, not the same bug. Actually I even think that the while back when you released the advisory there was a patch for both Apache and IIS by limiting the maximal Byte Range headers slightly. This is a feeling I got over years of fuzzing for httpd bugs.
Regards, Kingcope 2011/8/24 HI-TECH . <[email protected]>: > Hi Michal, > What do you think from where this originated ? > Was you outlining it a while back :) > > /kc > > 2011/8/24 Michal Zalewski <[email protected]>: >>> http://www.gossamer-threads.com/lists/apache/dev/401638 >> >> FWIW, I pointed out the DoS-iness of their Range handling a while ago: >> http://seclists.org/bugtraq/2007/Jan/83 >> >> /mz >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
