[Phpwm] Apache DoS vulnerability
David Goodwin
david at codepoets.co.uk
Thu Aug 25 13:47:53 UTC 2011
On 25 Aug 2011, at 14:31, Martin Meredith wrote:
> Nice little command there David.
>
> Dan, the one with the 206 is vulnerable.
>
> Luckily, I spent the morning patching...
I did that stuff last night; I think.
If you have e.g. PHP answering /, (e.g. via rewrite etc etc) then I think you just need to change the URL to point to a static image (e.g. /favicon.ico) - then it'll work.
If it returns a Content-Length > 90k then you're vulnerable.
See lwn.net for a good article/post etc on the problem. I used the headers module to remove the range thing approach.
thanks,
David.
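
The headers-module approach mentioned in the message above, written out as an added example that is not part of the original post or David's actual configuration. It assumes Apache 2.2 with mod_setenvif, mod_headers and mod_log_config loaded; the five-comma threshold, the `bad-range` variable name and the log file name are assumptions chosen for illustration.

```apache
# --- Option 1: selective removal -------------------------------------
# Flag any request whose Range header contains five or more commas,
# i.e. six or more byte ranges. Ordinary clients (download resumers,
# media players, PDF viewers) rarely ask for more than a few ranges.
SetEnvIf Range (,.*?){5,} bad-range=1

# Strip the header from flagged requests only. Apache then treats the
# request as a plain GET/HEAD and answers 200 with the whole entity
# instead of building a large multipart 206 response.
RequestHeader unset Range env=bad-range

# Request-Range is a legacy equivalent of Range; nothing modern needs it.
RequestHeader unset Request-Range

# Keep a record of what was stripped so abuse can be told apart from a
# legitimate client that needs the threshold raised.
# (hypothetical log file name, relative to ServerRoot)
CustomLog logs/range-stripped.log common env=bad-range

# --- Option 2: blanket removal ---------------------------------------
# Simpler, but breaks resumable downloads and seeking in media files.
# Use instead of Option 1 only if no client depends on partial content.
# RequestHeader unset Range
# RequestHeader unset Request-Range
```

With Option 1 in place, a request for a static file that lists many ranges should come back as 200 rather than 206, while single-range requests still receive 206 as before.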