[Zope-dev] cgi.py vulnerability = opera multipart handling

Christian Theune ct@gocept.com
Fri, 27 Jul 2001 08:26:35 +0200


--ADZbWkCsHQ7r3kzd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Oh yes, thanks i read the sourceforge bug report and will post a bug
to opera instead.

Thanks for that hint.

Christian

On Fri, Jul 27, 2001 at 10:15:08AM +1000, Richard Jones wrote:
> On Fri, 27 Jul 2001 00:45, you wrote:
> > It seems that my longrunning-unanswered problem with Opera
> > and Zope (see earlier Posts) is the same as the cgi.py
> > problem.
> >
> > My Question: These Requests, that cause the DoS, are they
> > malformed or valid?
>=20
> As explained on the bug report page on sourceforge, these are malformed=
=20
> requests.
>=20
> I have no knowledge of the Opera browser, and therefore cannot comment on=
=20
> whether it is generating malformed requests.
>=20
>=20
>     Richard
>=20
> --=20
> Richard Jones
> richard@bizarsoftware.com.au
> Senior Software Developer, Bizar Software (www.bizarsoftware.com.au)

--=20
Christian Theune - ct@gocept.com
gocept gmbh & co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981

reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b'=
)))

--ADZbWkCsHQ7r3kzd
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE7YQmbdUt9X/gknwIRAsioAJwMUc9Afkor+UuVRGO8nTjH5pq4sQCfVeK0
P1aiPpeKwO1qcpqn5mvcmNo=
=lSD0
-----END PGP SIGNATURE-----

--ADZbWkCsHQ7r3kzd--