[Zope] Easy Zope DoS ?

Toby Dickenson tdickenson@geminidataloggers.com
Wed, 22 May 2002 09:38:55 +0100


On Tue, 21 May 2002 13:07:56 -0700 (PDT), "John Adams"
<jadams@inktomi.com> wrote:

>It seems that if I've started the zope server from the command line, and
>then telnet to the port it's running on (8080) and issue a malformed HTTP
>request, I can kill the server. Does anyone else experience this?

Zope has a significant number of easily exploitable denial of service
vulnerabilities in the low level http handling layers.

If you care about this, run zope behind a front end proxy; squid or
apache/mod_proxy.


Toby Dickenson
tdickenson@geminidataloggers.com
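
The front-end proxy arrangement recommended above, sketched as an Apache httpd configuration. This is an added example, not part of the original message or of Zope's documentation. The hostname www.example.com, the loopback backend address, and the limit values are assumptions chosen for illustration.

```apacheconf
# Added example: Apache httpd is the only public listener, Zope sits behind it.
# Assumptions (not from the original message):
#   - public hostname is www.example.com (placeholder)
#   - Zope is reachable only at 127.0.0.1:8080 (bound to loopback or
#     firewalled), so clients cannot bypass the proxy and reach it directly
#   - mod_proxy and mod_proxy_http are loaded

<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Apache parses each request before anything is forwarded. A request
    # that Apache itself rejects as malformed is answered by Apache with
    # an error and never reaches Zope's HTTP layer.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Bound the size of the request line and headers a client may send.
    # Values are illustrative; tune them to the application.
    LimitRequestLine      8190
    LimitRequestFields    100
    LimitRequestFieldSize 8190

    # Give up on connections that stall mid-request (seconds).
    Timeout 60
</VirtualHost>
```

The proxy only helps if port 8080 is not reachable from outside; check from a remote host that a direct connection to the Zope port is refused.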