Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: wsphere5.htm

IBM HTTP Server kernel leak DoS



    IBM HTTP Server, 1.3.12, for Windows NT/2000


    Following is based on a Defcom Labs Advisory def-2001-02 by  Peter
    Grundl.  The  Apfa cache in  the IBM HTTP  Server, which Websphere
    is built on, has problems handling certain types of URL  requests.
    The result of such a URL  is a kernel leak, which will  eventually
    end up  consuming all  available kernel  memory and  rendering the
    host useless.

    Sending  a  continous  stream  of  HTTP requests resulting in "bad
    request" will cause a kernel leak  in Windows NT.  There are  many
    ways to trigger the bad request result that triggers the leak, eg.

        GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n


    Comment  out  the  three  lines  beginning  with  "Afpa"  in   the
    httpd.conf file (located in the  conf directory in the web  server
    folder).  Download and install the fix from

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH