[Zope-dev] cgi.py vulnerability = opera multipart handling

Christian Theune ct@gocept.com
Thu, 26 Jul 2001 16:45:05 +0200


--0hHDr/TIsw4o3iPK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi.

It seems that my longrunning-unanswered problem with Opera
and Zope (see earlier Posts) is the same as the cgi.py
problem.

My Question: These Requests, that cause the DoS, are they
malformed or valid?

I need to know because if they are malformed, i have to blame=20
the opera team, if they are valid, i have to blame someone
at ZC to fix it otherwise.

Regards

--=20
Christian Theune - ct@gocept.com
gocept gmbh & co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981

reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b'=
)))

--0hHDr/TIsw4o3iPK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE7YCzwdUt9X/gknwIRAhe+AJ9ku19iHRK7oEp4W4EaUSmrc357nwCfYhhU
mfXvQz68KfDtyG3r9uWQWcA=
=DG7s
-----END PGP SIGNATURE-----

--0hHDr/TIsw4o3iPK--