Ticket #287 defect closed fixed

Opened 10 years ago

Last modified 10 years ago

DoS in http server code

Reported by: dalke Owned by:
Priority: high Milestone:
Component: Keywords:
Cc: itamarst, dalke Branch:
Author: Launchpad Bug:

Description


Change History

1

Changed 10 years ago by dalke 

There's a DoS attack possible against the Twisted HTTP server code.
In short, there's no limit to the number of headers it will accept.  An 
attacker can fill up memory, or just keep it close to running out of 
memory and cause problems with other processes.

Here's demo attack code

http://twistedmatrix.com/pipermail/twisted-python/2003-July/
004825.html

2

Changed 10 years ago by itamarst 

Related bugs are the file upload issues.

3

Changed 10 years ago by itamarst 

Fixed in CVS.

4

Changed 2 years ago by <automation>

  • owner itamarst deleted
Note: See TracTickets for help on using tickets.