[Full-disclosure] IPS Evasion with the Apache HTTP Server
H D Moore
fdlist at digitaloffense.net
Wed Jun 20 16:37:12 BST 2007
Apparently I can't read before 10:00am :) 3APA3A corrected me, the RFC
states that there can actually be multiple CRLF before the start of the
request. Time to find some coffee...
Thanks for the feedback!
-HD
On Wednesday 20 June 2007 09:19, H D Moore wrote:
> The note in RFC 2616, Section 4.1, refers to a single CRLF before the
> Request-Line.
Full-Disclosure is hosted and sponsored by Secunia.