httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures (fwd)
Date Thu, 24 Jul 1997 01:47:56 GMT
I haven't seen the original.  But this looks like the DoS we've talked
about the past few days... someone will probably post it against apache
soon enough. 

Dean

---------- Forwarded message ----------
Date: Wed, 23 Jul 1997 14:40:29 +0200
From: Stefan Rompf <srompf@TELEMATION.DE>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures

At 00:15 23.07.97 +0200, Simon Josefsson wrote:

>Fellow bugtraqers, I stumpled over this tonight.  It's a DoS-attack
>against a Oracle Webserver 2.1 that serves PL/SQL stored procedures.

The old Oracle Webserver 1.0.2.0.2 cannot be attacked this way. There seem
to be hard limits of 32 lines HTTP-Request, 1540 chars on the GET/HEAD
statement and 4096 chars on every additional header line.

Stefan


Mime
View raw message