LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Nasty Apache denial of service vulnerability

Nasty Apache denial of service vulnerability

Posted Aug 24, 2011 23:21 UTC (Wed) by jonabbey (subscriber, #2736)
Parent article: Nasty Apache denial of service vulnerability

Note that the killapache.pl script linked from the fulldisclosure forum will report that a server is 'Not Vulnerable' if the '/' resource is provided by PHP, as PHP does not support the Range header.

If such a server provides any image files, though, a URL for an image file can be substituted in the killapache script, whereupon the Range DoS attack will function just fine.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds