
generic test: buggy Content-Length
There have been some vulnerabilities related to wrong Content-Length
headers (e.g. recently "Content-Length: -1" crashes wwwoffle), however
AFAIK we have no generic test for a very simple attack:
POST more data than announced in Content-Length.
We should be able to kill at least a few embedded web servers...
Am I wrong?

--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/
Re: generic test: buggy Content-Length
On Sat, Aug 03, 2002 at 10:58:30AM +0200, Michel Arboi wrote:
> There have been some vulnerabilities related to wrong Content-Length
> headers (e.g. recently "Content-Length: -1" crashes wwwoffle), however
> AFAIK we have no generic test for a very simple attack:
> POST more data than announced in Content-Length.
> We should be able to kill at least a few embedded web servers...
> Am I wrong?

formmail_pl.nasl does that, but "by accident" (i.e. I was too lazy to
do a strlen(), so I sent more data than what is advertised).


-- Renaud
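As an added illustration (not code from this thread, from Nessus, or from any of the servers mentioned), here is the server-side half of the problem: a request reader that rejects a negative Content-Length outright and, when more body bytes arrive than announced, takes exactly the announced count and leaves the surplus for the next request instead of appending it. The sample requests and the MAX_BODY limit are constructed assumptions.

```python
import re
from typing import Optional, Tuple

# Constructed sample requests, mirroring the two cases discussed in the thread.
REQ_NEG_LENGTH = (b"POST /cgi-bin/x HTTP/1.0\r\n"
                  b"Content-Length: -1\r\n\r\n")
REQ_EXTRA_BODY = (b"POST /cgi-bin/x HTTP/1.0\r\n"
                  b"Content-Length: 5\r\n\r\n"
                  b"hello" + b"A" * 20)        # 20 bytes more than announced
MAX_BODY = 4096  # assumed per-request limit for this hypothetical server


def parse_content_length(head: bytes) -> int:
    """Return the declared body length from the header block (request line
    included), or raise ValueError unless there is exactly one
    Content-Length holding a plain non-negative decimal within MAX_BODY."""
    found = []
    for line in head.split(b"\r\n")[1:]:       # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            found.append(value.strip())
    if len(found) != 1:
        raise ValueError("missing or duplicate Content-Length")
    if not re.fullmatch(rb"[0-9]{1,10}", found[0]):  # rejects "-1", "+5", "5 5"
        raise ValueError("malformed Content-Length")
    length = int(found[0])
    if length > MAX_BODY:
        raise ValueError("Content-Length exceeds limit")
    return length


def read_request(raw: bytes) -> Tuple[Optional[bytes], bytes, Optional[str]]:
    """Split one request off `raw`. Returns (body, leftover, error).
    body is exactly Content-Length bytes; surplus bytes are returned as
    leftover (start of the next request), never copied into this body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        return None, raw, "incomplete headers"   # keep buffering
    try:
        length = parse_content_length(head)
    except ValueError as e:
        return None, b"", str(e)                 # reject, reuse nothing
    if len(rest) < length:
        return None, raw, "body incomplete"      # wait for the rest
    return rest[:length], rest[length:], None
```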