Opened 13 years ago

Last modified 8 weeks ago

#287 defect closed fixed (fixed)

DoS in http server code

Reported by: dalke Owned by:
Priority: high Milestone:
Component: Keywords:
Cc: itamarst, dalke Branch:
Author:

Description


Change History (5)

comment:1 Changed 13 years ago by dalke

There's a DoS attack possible against the Twisted HTTP server code.
In short, there's no limit to the number of headers it will accept.  An 
attacker can fill up memory, or just keep it close to running out of 
memory and cause problems with other processes.

Here's demo attack code:

http://twistedmatrix.com/pipermail/twisted-python/2003-July/004825.html
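
A server-side bound of the kind this report calls for, as an added example that is not Twisted's code or the fix committed for this ticket: an incremental header parser that caps header count, line length and total header bytes. The class names and limit values are assumptions, and the request line is assumed to have been consumed already.

```python
# Added example, not Twisted's code. Limit values are assumptions.
MAX_HEADERS = 100        # header lines accepted per request
MAX_LINE_BYTES = 8192    # bytes in a single header line
MAX_TOTAL_BYTES = 65536  # bytes in the whole header block


class HeaderLimitExceeded(Exception):
    """A request's headers crossed one of the configured bounds."""


class BoundedHeaderParser:
    """Parses header lines as they arrive; memory use is bounded per request."""

    def __init__(self):
        self.headers = []   # (lowercased name, value) pairs
        self.done = False   # True once the blank line ending the headers is seen
        self._buf = b""     # unparsed tail, bounded by the line-length check
        self._total = 0     # header bytes consumed so far

    def feed(self, data):
        """Consume bytes read from the socket; raise as soon as a bound is crossed."""
        if self.done:
            return          # body bytes are the caller's job, never buffered here
        self._buf += data
        while not self.done:
            line, sep, rest = self._buf.partition(b"\r\n")
            if not sep:
                # No complete line yet: refuse to buffer an endless line.
                if len(self._buf) > MAX_LINE_BYTES:
                    raise HeaderLimitExceeded("header line too long")
                return
            self._buf = rest
            self._consume(line)

    def _consume(self, line):
        self._total += len(line) + 2
        if len(line) > MAX_LINE_BYTES or self._total > MAX_TOTAL_BYTES:
            raise HeaderLimitExceeded("header block too large")
        if not line:
            self.done = True
            return
        if len(self.headers) >= MAX_HEADERS:
            raise HeaderLimitExceeded("too many headers")
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        self.headers.append((name.strip().lower(), value.strip()))
```

On `HeaderLimitExceeded` the caller should answer with an error status and close the connection rather than keep reading.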

comment:2 Changed 13 years ago by itamarst

Related bugs are the file upload issues.

comment:3 Changed 13 years ago by itamarst

Fixed in CVS.

comment:4 Changed 6 years ago by <automation>

  • Owner itamarst deleted

comment:5 Changed 8 weeks ago by GitHub <noreply@…>

In 40c4268:

Merge pull request #287 from twisted/7807-rodrigc-extrasrequire-py3

Author: rodrigc
Reviewer: Lukasa
Fixes: #7807

Fix on Python 3: pip install -e ".[dev]"
