Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: IPS Evasion with the Apache HTTP Server
From: Valdis.Kletnieks () vt edu
Date: Tue, 19 Jun 2007 17:03:29 -0400

On Tue, 19 Jun 2007 12:44:00 PDT, coderman said:

is there a page somewhere that details which web servers handle sloppy
input?  (i bet the embedded httpd's are the most resistant)

I'm tempted to take that bet.  Lot of people have thrown lots of truly wild
stuff at the Apache code over the years - it may react in *unexpected* ways,
but it's probably pretty bulletproof.

On the other hand, that little webserver admin tool that's stuffed into one
corner of your DSL modem's ROM probably got tested: "Each menu goes to the page
it's supposed to, if you enter an IP here it sets it, if you enter a port there
it DTRT", with little to no serious abuse of the interface.  I'll bet half the
gear out there, the test suite never even *considered* that maybe a 0x0c should
be sent, even if just for shits-n-giggles to see what happens.

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]