You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/07/24 03:47:56 UTC

Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures (fwd)

I haven't seen the original.  But this looks like the DoS we've talked
about the past few days... someone will probably post it against apache
soon enough. 

Dean

---------- Forwarded message ----------
Date: Wed, 23 Jul 1997 14:40:29 +0200
From: Stefan Rompf <sr...@TELEMATION.DE>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures

At 00:15 23.07.97 +0200, Simon Josefsson wrote:

>Fellow bugtraqers, I stumpled over this tonight.  It's a DoS-attack
>against a Oracle Webserver 2.1 that serves PL/SQL stored procedures.

The old Oracle Webserver 1.0.2.0.2 cannot be attacked this way. There seem
to be hard limits of 32 lines HTTP-Request, 1540 chars on the GET/HEAD
statement and 4096 chars on every additional header line.

Stefan