Nasty Apache denial of service vulnerability
Nasty Apache denial of service vulnerability
Posted Aug 24, 2011 23:21 UTC (Wed) by jonabbey (guest, #2736)Parent article: Nasty Apache denial of service vulnerability
Note that the killapache.pl script linked from the fulldisclosure forum will report that a server is 'Not Vulnerable' if the '/' resource is provided by PHP, as PHP does not support the Range header.
If such a server provides any image files, though, a URL for an image file can be substituted in the killapache script, whereupon the Range DoS attack will function just fine.