HTTP Apache Redundant Slashes Dos

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Can anyone help ?

I have gone to the Nortons Antivirus website to find out what this
particular virus is and does and to be honest am confused given the scant
information provided by the site as to what it actually is and does.  It
mentions upgrading the Apache Server Software, the thing is i have no idea
of what this actually does and whether i actually use it or not.

Having mentioned this problem on a number of website i wondered whether
there was any solution that could be found and what it would involve to
solve it.

Re: HTTP Apache Redundant Slashes Dos

Quoted text here. Click to load it

Looks to me (from the name alone) to be a detection of an exploit
(denial of service) for an Apache server that isn't up to date. If you
were running an Apache server I would think you would know you were
doing so.

Is this detection form the AV or from a firewall's IDS component?

Re: HTTP Apache Redundant Slashes Dos


Quoted text here. Click to load it

Are you running a very old version (pre 1998) of the Apache webserver on your
computer, allowing others to access websites on your system?  If not, don't worry
about it.

It only affects webservers running apache 1.24 or older.  If you are
running an old version of apache, go to /
to get a newer version.

Note that there are major configuration changes between 1.3.33, and the 2.0
as "Apache 2.0 add-in modules are not compatible with Apache 1.3 modules"

So if your upgrading from 1.24 to the latest 2.1.6-alpha, it's best
to do a fresh install.  I can't find 1.25 on the mirrors.  The oldest
they currently carry is 1.3, which appears to have been released in Jun. 98.

Btw, what the bug actually does is cause the server to stop responding, if
enters a url like http://some.domain.invalid/pub////////////file
The extra slashes would be removed (if you had enough ram), but it would take a
long time.  Without enough ram, it would crash the server.

Regards, Dave Hodgins

Change to to reply by email.
( has been set up specifically for
use in usenet. Feel free to use it yourself.)

Site Timeline