blocking gzip encoded files
From: Darwin Mecham (darwin_at_cissp.com)
Date: 02/23/04
- Previous message: Peter Winter-Smith: "Web Crossing 4.x/5.x Denial of Service Vulnerability (FIX)"
- In reply to: Chris Calabrese: "Re: Windows XP explorer.exe heap overflow."
- Next in thread: mgotts_at_2roads.com: "Re: blocking gzip encoded files"
- Reply: mgotts_at_2roads.com: "Re: blocking gzip encoded files"
- Reply: Josep L. Guallar-Esteve: "Re: blocking gzip encoded files"
- Maybe reply: Gervase Markham: "RE: blocking gzip encoded files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Feb 2004 15:38:39 -0700 To: bugtraq@securityfocus.com
It has recently come to my attention that most browsers happily
do Accept-encoding: gzip and streaming decompression of
HTML data received with Content-encoding: gzip
without asking.
This has been in use since sometime in 1998.
Is there a way to configure the run-of-the-mill browser to
block these at the host level ?
Darwin
- Previous message: Peter Winter-Smith: "Web Crossing 4.x/5.x Denial of Service Vulnerability (FIX)"
- In reply to: Chris Calabrese: "Re: Windows XP explorer.exe heap overflow."
- Next in thread: mgotts_at_2roads.com: "Re: blocking gzip encoded files"
- Reply: mgotts_at_2roads.com: "Re: blocking gzip encoded files"
- Reply: Josep L. Guallar-Esteve: "Re: blocking gzip encoded files"
- Maybe reply: Gervase Markham: "RE: blocking gzip encoded files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
