header-logo
Suggest Exploit
vendor:
HTTPD
by:
Doug Hoyte
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: HTTPD
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002

Anti-Web HTTPD Denial of Service Vulnerability

When a script is executed that opens a file that does not exist, awhttpd still attempts to open the file. When awhttpd attempts to close the non-existing file following the completion of the script, it becomes unstable and crashes, resulting in a denial of service.

Mitigation:

Ensure that scripts are not executed that open non-existing files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3782/info

Anti-Web HTTPD is a freely available, open source web server designed for use on the Linux platform. It is maintained by Doug Hoyte.

Under certain circumstances awhttpd reacts unpredictably.

When a script is executed that opens a file that does not exist, awhttpd still attempts to open the file. When awhttpd attempts to close the non-existing file following the completion of the script, it becomes unstable and crashes, resulting in a denial of service. 

a sample awhttpd script looks like this:
# test.cgi
--AWHTTPD SCRIPT--
echo "this is a test"
F:test.html

Navigation

Suggest Exploit

Services By CQR