[ZCM] [ZC] 606/ 2 Resolve "unlimited header length == trivial DoS"

Collector: Zope Bugs, Features, and Patches ... zope-coders@zope.org
Thu, 03 Oct 2002 22:32:39 -0400


Issue #606 Update (Resolve) "unlimited header length == trivial DoS"
 ** Security Related ** (Public)
 Status Resolved, ZServer/bug critical
To followup, visit:
  http://collector.zope.org/Zope/606

==============================================================
= Resolve - Entry #2 by Brian on Oct 3, 2002 10:32 pm

 Status: Pending => Resolved

Thanks - I've fixed this for the 2.6 release and the next 
2.5 bug fix release.

-Brian
________________________________________
= Request - Entry #1 by Anonymous User on Oct 3, 2002 6:44 pm

In short, here's the cheesiest example ever:

$ yes | telnet myzopehost.example.com zopeport

Now go watch the process size on myzopehost.example.com.
ZServer should enforce a header length limit; not doing so leads to deep, deep hurting.

==============================================================
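
The header length limit requested in entry #1 can be sketched as follows. This is an added example, not ZServer's code or the fix Brian committed; the class and function names and the 8192-byte limit are assumptions. The stream from `yes` never contains the blank line that ends an HTTP header, so an unbounded collector keeps buffering it, while this one rejects the connection once the limit is passed.

```python
MAX_HEADER_BYTES = 8192          # assumed limit, not taken from ZServer
TERMINATOR = b"\r\n\r\n"         # blank line that ends an HTTP header block


class HeaderTooLarge(Exception):
    """Raised when no header terminator arrives within the size limit."""


class BoundedHeaderCollector:
    """Accumulate received bytes until the header terminator, up to a limit."""

    def __init__(self, limit=MAX_HEADER_BYTES):
        self.limit = limit
        self.buf = bytearray()
        self.header = None       # set once the terminator has been seen
        self.rest = b""          # bytes that followed the header

    def feed(self, chunk):
        """Add one received chunk; return True once the header is complete."""
        if self.header is not None:
            return True
        # Search from a few bytes back so a terminator split across chunks is found.
        start = max(0, len(self.buf) - (len(TERMINATOR) - 1))
        self.buf += chunk
        end = self.buf.find(TERMINATOR, start)
        if end != -1 and end + len(TERMINATOR) <= self.limit:
            self.header = bytes(self.buf[:end])
            self.rest = bytes(self.buf[end + len(TERMINATOR):])
            self.buf.clear()
            return True
        if end != -1 or len(self.buf) > self.limit:
            # Free the buffered data before the caller closes the connection.
            self.buf.clear()
            raise HeaderTooLarge("header exceeds %d bytes" % self.limit)
        return False


def simulate_yes_stream(limit=MAX_HEADER_BYTES, chunk_size=1024):
    """Feed constructed `yes` output; return bytes read before rejection."""
    collector = BoundedHeaderCollector(limit)
    chunk = b"y\n" * (chunk_size // 2)   # constructed sample input
    received = 0
    try:
        while True:
            received += len(chunk)
            collector.feed(chunk)
    except HeaderTooLarge:
        return received
```

Memory held per connection is bounded by the limit plus one receive chunk, whatever the client sends.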