Opened 10 years ago

Closed 8 years ago

Last modified 7 years ago

#175 closed editorial (incorporated)

Security consideration: range flooding

Reported by: mnot@…
Owned by: ylafon@…
Priority: normal
Milestone: 16
Component: p5-range
Severity: Active WG Document
Keywords:
Cc:

Description

Allowing overlapping ranges permits the client side to request more data than the largest file available at the server side. It is trivial to construct a 100MB file request from 200 overlapping partial requests of a 500K file. This allows the TCP optimistic ACK attack [1] to be performed on web servers all over the world.

[1] http://www.mail-archive.com/linux-net%40vger.kernel.org/msg01053.html

Change History (6)

comment:1 Changed 9 years ago by julian.reschke@…

  • Component changed from non-specific to p5-range
  • Priority set to normal

comment:2 Changed 9 years ago by ylafon@…

  • Owner set to ylafon@…
  • Status changed from new to assigned

comment:3 Changed 8 years ago by ylafon@…

From [1355]:

Added security consideration on range flooding (See #175)

comment:4 Changed 8 years ago by ylafon@…

  • Milestone changed from unassigned to 16

comment:5 Changed 8 years ago by ylafon@…

  • Resolution set to incorporated
  • Status changed from assigned to closed

comment:6 Changed 7 years ago by fielding@…

From [2157]:

Address range flooding security issue (#175 and #311) by direct requirements and recommendations.

Actually require Content-Range and Content-Type (when appropriate) inside multipart/byteranges body parts instead of assuming that the reader will read between the lines of the MIME registration template.

Simplify description of required headers in 206 responses.
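A server-side check for the range flooding described in this ticket, as an added example that is not part of the ticket or of the HTTPbis drafts: it resolves a Range header against the file size, coalesces overlapping ranges, and falls back to sending the whole file once when the set is abusive. The names `resolve` and `assess`, the action labels, and the `MAX_RANGES` and `MAX_OVERLAPS` thresholds are assumptions made for this example.

```python
import re

MAX_RANGES = 16    # assumption: policy limit chosen for this example
MAX_OVERLAPS = 2   # assumption: overlapping ranges tolerated before giving up
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def resolve(header, size):
    """Map a Range header onto (first, last) byte pairs for a file of `size` bytes.
    Returns None when the header is malformed or uses a unit other than bytes."""
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return None
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.group(0) == "-":
            return None
        first, last = m.groups()
        if first == "":                          # suffix form: the last N bytes
            if int(last) > 0 and size > 0:
                out.append((max(size - int(last), 0), size - 1))
        elif last and int(last) < int(first):
            return None                          # last before first is invalid
        elif int(first) < size:                  # specs past EOF are dropped
            out.append((int(first), min(int(last), size - 1) if last else size - 1))
    return out

def assess(header, size):
    """Return (action, ranges); action is 'ignore' (send the whole file once),
    '416' (nothing satisfiable) or 'partial' (send the coalesced ranges)."""
    ranges = resolve(header, size)
    if ranges is None:
        return "ignore", []
    if not ranges:
        return "416", []
    requested = sum(last - first + 1 for first, last in ranges)
    merged, overlaps = [], 0
    for first, last in sorted(ranges):
        if merged and first <= merged[-1][1]:    # overlaps the previous range
            overlaps += 1
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    # The ticket's case: the ranges add up to more bytes than the file holds.
    if len(ranges) > MAX_RANGES or overlaps > MAX_OVERLAPS or requested > size:
        return "ignore", []
    return "partial", merged
```

Whatever the decision, the response body never exceeds the size of the file, which removes the amplification the description is concerned with.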
