[Zope] Easy Zope DoS ?
Thomas B. Passin
tpassin@mitretek.org
Tue, 21 May 2002 16:25:44 -0400
[John Adams]
>
> It seems that if I've started the zope server from the command line, and
> then telnet to the port it's running on (8080) and issue a malformed HTTP
> request, I can kill the server. Does anyone else experience this?
>
> i.e.
>
> % telnet www 8080
> GET /<press return>
> <press return>
>
> The server goes down for the count after this.
>
Not on Win2000. At least, not exactly. What I do get is no echo - I don't
see what I typed, and get no response until I type quite a few <return>s.
Whenever I connect to Zope with telnet, when it finally responds, it then
disconnects from the telnet session. Zope is still running though.
>From the non-echoed telnet session, if I enter the command by haven't yet
put in enough <return>s and I go to my browser and hit the site, I get the
page in the browser and also Zope send the home page to the telnet session,
then disconnects.
This is all on a single machine, using localhost. Through it all, Zope
continues to run.
Cheers,
Tom P