22 May 2002, 8:38 a.m.
On Tue, 21 May 2002 13:07:56 -0700 (PDT), "John Adams" <jadams@inktomi.com> wrote:
> It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this?
Zope has a significant number of easily exploitable denial of service vulnerabilities in the low level http handling layers. If you care about this, run zope behind a front end proxy; squid or apache/mod_proxy.

Toby Dickenson
tdickenson@geminidataloggers.com
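
The front-end proxy arrangement recommended in the reply above, sketched as an Apache configuration. This is an added example, not part of the original thread; the hostname, the assumption that Zope is reachable only on 127.0.0.1:8080, and the limit values are illustrative.

```apache
# Added example (not from the thread). Assumes Apache 2.x with mod_proxy and
# mod_proxy_http loaded, and Zope listening on 127.0.0.1:8080 only. If port
# 8080 stays reachable from the network, clients can bypass this front end,
# so bind Zope to loopback or firewall the port.
<VirtualHost *:80>
    # Placeholder hostname.
    ServerName zope.example.org

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Apache parses every request from the network first. Requests it rejects
    # as malformed or oversized are answered by Apache and never forwarded,
    # so Zope's own HTTP layer only sees requests Apache has already accepted.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Illustrative bounds on what a single client request may contain.
    LimitRequestLine      4094
    LimitRequestFields    50
    LimitRequestFieldSize 4094
    LimitRequestBody      10485760

    # Drop connections that stall instead of holding a worker indefinitely.
    Timeout 60
</VirtualHost>
```

After deploying, confirm from another host that port 8080 refuses connections and that the site answers only through port 80.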