[follow-ups set] PMFJI:
Buffer overflow in this case happened because of sub-requests - which are hard to deal with at any rate. The actual GET/POST had nothing to do with the insecure action as far as this issue is concerned, the side effect was caused by the way the sub-request handled the execution/hand-off, so the hack was approximately 50 bytes in size (BTW, I have the BSD C source code for the hack if you want it.) And yes, not to toot any horns, but 'them Apache Groupies' are pretty sharp ! ;) HTH/Sx :] (just another ApacheCon 2000 Orlando Speaker :) On Friday, August 30, 2002, at 02:33 PM, HalbaSus wrote: > than packetstorm and securityfocus ? Buffer owerflow under 500 > characters ???