Month: September 2011

  • Testing Go’s HTTP server for CVE-2011-3192 vulnerability

    by

    in

    The recent DoS attack on Apache is caused by sending in a malformed Range header. I decided to send the same header into Go’s range header parser and see what happened. It passed with flying colors, giving the “invalid range” error, which would result in the Go webserver sending back HTTP response code 416 to…