httpd in OpenBSD allows remote malicious users to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
Vulnerable Product |
---|
openbsd openbsd 6.0 |
DoS-able bugs splatted
OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers. The first is in the operating system's SSL implementation, specifically in the HTTP daemon. An advisory says that daemon can be crashed with repeated SSL renegotiation. A single renegotiation thread, the post claims, can soak up 70 per cent of CPU cycles, meaning if the attacker fires multiple renegotiation threads at the target, the daemon will crash, and “there is no ...