From: Steve Vinoski <vinoski@ie...> - 2011-08-29 04:43:51
On Sun, Aug 28, 2011 at 11:38 PM, Kenji Rikitake <kenji.rikitake@...> wrote:
> Apache HTTPD vulnerability has been well-known and exploited these days:
> (Note that Yaws is not affected, as far as I know from testing the
> killapache.pl script on the localhost interface.)
Thanks for testing this; I had grabbed the Perl script but had not yet
had a chance to try it out.
> This vulnerability indicates RFC2616 Range request can be abused for DoS
> attacks and a protocol update is proposed:
> I wonder how this affects Yaws design and architecture.
I don't think it will have significant impact, but we'll have to take
a closer look if the HTTPbis Range limitations proposal goes through.