vendor:
Simple HTTPd
by:
G13
7.5
CVSS
HIGH
Denial of Service (DoS)
400
CWE
Product Name: Simple HTTPd
Affected Version From: 1.42
Affected Version To: 1.42
Patch Exists: NO
Related CWE: 2011-2900
CPE: shttpd
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: WinXP SP1
2011
Simple HTTPd 1.42 PoC DoS
Simple HTTPd is still affected by the bug. The executable must be compiled with -DNO_AUTH and -D_DEBUG enabled. The exploit sends a buffer of 6000 A's to the server, causing it to crash.
Mitigation:
Compile the executable with -DNO_AUTH and -D_DEBUG enabled.