It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this? i.e. % telnet www 8080 GET /<press return> <press return> The server goes down for the count after this. -j
Zope 2.4.3 on Linux returned a HTTP/1.0 500 and continued serving requests from other browsers. John Adams wrote:
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this?
i.e.
% telnet www 8080 GET /<press return> <press return>
The server goes down for the count after this.
-j
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[John Adams]
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this?
i.e.
% telnet www 8080 GET /<press return> <press return>
The server goes down for the count after this.
Not on Win2000. At least, not exactly. What I do get is no echo - I don't see what I typed, and get no response until I type quite a few <return>s. Whenever I connect to Zope with telnet, when it finally responds, it then disconnects from the telnet session. Zope is still running though.
From the non-echoed telnet session, if I enter the command by haven't yet put in enough <return>s and I go to my browser and hit the site, I get the page in the browser and also Zope send the home page to the telnet session, then disconnects.
This is all on a single machine, using localhost. Through it all, Zope continues to run. Cheers, Tom P
I wrote,
[John Adams]
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed
HTTP
request, I can kill the server. Does anyone else experience this?
i.e.
% telnet www 8080 GET /<press return> <press return>
The server goes down for the count after this.
Not on Win2000. At least, not exactly. What I do get is no echo - I don't see what I typed, and get no response until I type quite a few <return>s. Whenever I connect to Zope with telnet, when it finally responds, it then disconnects from the telnet session. Zope is still running though.
Forgot to say that this is Zope 2.3.3. Tom P
On Tue, 21 May 2002, Thomas B. Passin wrote:
[John Adams]
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this? [...] The server goes down for the count after this.
Let me add a few notes here so I don't cause a panic. I'm on Zope 2.5.0 with python 2.1.1 (SunOS 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-250.) Non-CVS checkout -- this is a release I downloaded from zope.com. This problem doesn't happen on an immediate restart of zope, so it's certainly not an Easy DoS as I may have indicated. It happens once the server's been up for awhile (but time to failure is unknown.) I just restarted my server and now I can't reproduce the issue. I see quite a few people on higher versions of Zope, and I should probably upgrade, but I'd like to know if anyone sees random Zope daemon failure that is similar to what I'm experiencing. -john
Using Zope 2.5.1 and Python 2.1.1, I do not see a server lockup but I do see an exception printed to the console. 2002-05-21T21:43:16 ERROR(200) ZServer Server Error: exceptions.TypeError, cannot add type "None" to string: file: /home/creiman/zope/ZopeCVS/Zope/ZServer/HTTPServer.py line: 181 The response is an HTTP 500 internal server error. I find this worrisome but the server does not crash. I'm only mentioning this because no one else reported such an exception. FWIW, HTTPServer.py: line 181 is accessing request.version (and there is no check to see if the attribute is None). Just for grins, I then repeated the request about 20 times to see if it might be killing threads. The server repeats the above behavior but is still running fine. The server should handle this more gracefully. Most likely by trapping the missing version earlier and responding with a malformed request error.
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of John Adams Sent: Tuesday, May 21, 2002 2:30 PM To: zope@zope.org Subject: Re: [Zope] Easy Zope DoS ?
On Tue, 21 May 2002, Thomas B. Passin wrote:
[John Adams]
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this? [...] The server goes down for the count after this.
Let me add a few notes here so I don't cause a panic. I'm on Zope 2.5.0 with python 2.1.1 (SunOS 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-250.) Non-CVS checkout -- this is a release I downloaded from zope.com.
This problem doesn't happen on an immediate restart of zope, so it's certainly not an Easy DoS as I may have indicated. It happens once the server's been up for awhile (but time to failure is unknown.) I just restarted my server and now I can't reproduce the issue.
I see quite a few people on higher versions of Zope, and I should probably upgrade, but I'd like to know if anyone sees random Zope daemon failure that is similar to what I'm experiencing.
-john
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Charlie Reiman]
Using Zope 2.5.1 and Python 2.1.1, I do not see a server lockup but I do see an exception printed to the console.
2002-05-21T21:43:16 ERROR(200) ZServer Server Error: exceptions.TypeError, cannot add type "None" to string: file: /home/creiman/zope/ZopeCVS/Zope/ZServer/HTTPServer.py line: 181
This might be the original problem. If the server is started with no console to write to, on some systems it causes a crash. The remedy seems to be to have the server write to a log file. Cheers, Tom P
On Tue, May 21, 2002 at 01:07:56PM -0700, John Adams wrote:
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this?
i.e.
% telnet www 8080 GET /<press return> <press return>
The server goes down for the count after this.
What version? Can't reproduce this on a Zope 2.5 branch CVS checkout. -- Martijn Pieters | Software Engineer mailto:mj@zope.com | Zope Corporation http://www.zope.com/ | Creators of Zope http://www.zope.org/ ---------------------------------------------
On Tue, 21 May 2002 13:07:56 -0700 (PDT), "John Adams" <jadams@inktomi.com> wrote:
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this?
Zope has a significant number of easily exploitable denial of service vulnerabilities in the low level http handling layers. If you care about this run zope behind a front end proxy; squid or apache/mod_proxy. Toby Dickenson tdickenson@geminidataloggers.com
participants (7)
-
Charlie Reiman -
Jens Vagelpohl -
John Adams -
John Ziniti -
Martijn Pieters -
Thomas B. Passin -
Toby Dickenson