> just for the record I have the impression that this is not the same vulnerability
> you outlined in your advisory a while back. It is more that the idea
> for this vulnerability originated from your advisory, not the same bug.

I don't think this even matters, and I really don't disagree... In 2007, I noticed that their Range handling is silly, and may prompt them to generate very large responses. I casually proposed a window scaling-based attack back then, and nothing happened.

My understanding is that your exploit is based on the same principle (I don't think they fixed this in any way), but combines it with protocol-level compression to force the server to waste some memory and CPU resources to compress the response beforehand.

But in any case, life goes on, it's just a DoS. Good that they're fixing it...

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
