HTTP Buffer Overflows

Andy Armstrong
Fri, 08 Mar 2002 01:18:22 +0000

Gregory Alan Bolcer wrote:
> Gartner saying that HTTP buffer overflow attacks will
> be very commonplace by 2005 according to John Pescatore.
> I wonder how many unsuccessful buffer overflow attacks
> aren't recorded.  I'm sure he means *successful* buffer
> overflow attacks.
> Is data handling really that vulnerable?

Iff server software doesn't get fixed. It's not really that hard to
write code that doesn't contain any overflow related problems, but for
some reason the practices that lead to overflow vulnerabilities seem to
be fairly commonplace.

Andy Armstrong,