httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Beard <>
Subject RE: 1.3.26 Exploit? or something I'm overlooking
Date Mon, 24 Jun 2002 14:25:58 GMT
According to what I've read on bugtraq, that's symptomatic of
a chunk encoding exploit: syslog notices and nothing in the
Apache logs.

The snort folks have added a signature for chunking exploits
if want to try a different packet sniffer (


On Sun, 23 Jun 2002, Mike Roest wrote:

> The weird thing is there are no logs of the requests which leads me to
> believe he's trying something similar to the chunk exploit.  This case
> there was more then one conneciton.  In the previouse case there was
> only one connection made to the box that made the child processes fail
> over and over again.  I think I will send this to the security email in
> the morning as I think there are some left overs of the chunk bug still
> in 1.3.26.
> --Mike
> -----Original Message-----
> From: mike []
> Sent: Sunday, June 23, 2002 10:25 PM
> To:
> Subject: Re: 1.3.26 Exploit? or something I'm overlooking
> Is he requesting the same URL over and over? If he is, he may be trying
> to
> use the chunk exploit on your server, and could be a bug in 1.3.26 that
> is
> causing your server to crash.  Is there a core file? Perhaps debugging
> will
> lead you to an answer.
> Thanks.

Jeff Beard | Systems Architect, Programmer, Sysadmin
Contact    | jeff at cyberxape dot com, 303.443.9339
Location   | In front of the computer, Boulder, CO, USA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message