Opened 19 years ago

Last modified 6 years ago

#287 defect closed fixed (fixed)

DoS in http server code

Reported by: dalke Owned by:
Priority: high Milestone:
Component: Keywords:
Cc: itamarst, dalke Branch:


Change History (5)

comment:1 Changed 19 years ago by dalke

There's a DoS attack possible against the Twisted HTTP server code.
In short, there's no limit to the number of headers it will accept.  An 
attacker can fill up memory, or just keep it close to running out of 
memory and cause problems with other processes.

Here's demo attack code
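An added example, not part of the ticket and not Twisted's code or its fix: a defensive header reader that enforces the kind of limit the report says is missing, rejecting a request once it exceeds a header count, a per-line size or a total size. The function name, the exception class and the limit values are assumptions chosen for illustration.

```python
import io

# Limits below are assumed values for illustration, not Twisted's.
MAX_HEADERS = 100        # header lines per request
MAX_LINE_BYTES = 8192    # bytes in one header line
MAX_TOTAL_BYTES = 65536  # bytes in the whole header section

class HeaderLimitExceeded(Exception):
    """Request broke a header limit; caller should reject it and close."""

def read_headers(stream, max_headers=MAX_HEADERS,
                 max_line=MAX_LINE_BYTES, max_total=MAX_TOTAL_BYTES):
    """Read header lines from a binary stream up to the blank line.

    Returns a list of (lowercased name, value) byte pairs. Obsolete
    folded (continuation) lines are rejected as malformed.
    """
    headers, total = [], 0
    while True:
        # readline(n) returns at most n bytes, so one endless line
        # cannot make this function buffer unbounded data.
        line = stream.readline(max_line + 1)
        if len(line) > max_line:
            raise HeaderLimitExceeded("header line too long")
        if not line.endswith(b"\n"):
            raise ValueError("stream ended before end of headers")
        total += len(line)
        if total > max_total:
            raise HeaderLimitExceeded("header section too large")
        if line in (b"\r\n", b"\n"):
            return headers
        if len(headers) >= max_headers:
            raise HeaderLimitExceeded("too many headers")
        name, sep, value = line.partition(b":")
        if not sep or not name.strip() or name[:1] in b" \t":
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))

if __name__ == "__main__":
    # Constructed input: 10,000 small headers in one request.
    flood = io.BytesIO(b"".join(b"X-Pad-%d: a\r\n" % i
                                for i in range(10000)) + b"\r\n")
    try:
        read_headers(flood)
    except HeaderLimitExceeded as exc:
        print("rejected:", exc, "after", flood.tell(), "bytes")
```

The count check runs before a line is parsed or stored, so memory use is bounded by the limits rather than by what the peer sends.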

comment:2 Changed 19 years ago by itamarst

Related bugs are the file upload issues.

comment:3 Changed 19 years ago by itamarst

Fixed in CVS.

comment:4 Changed 11 years ago by <automation>

Owner: itamarst deleted

comment:5 Changed 6 years ago by GitHub <noreply@…>

In 40c4268:
