Small HTTP Server Denial of Service Vulnerability

vendor:

Small HTTP Server

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Small HTTP Server

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Small HTTP Server Denial of Service Vulnerability

Small HTTP Server is subject to a denial of service. When making an http request without a filename specified the server will attempt to locate index.html in that particular directory, if index.html does not exist the server will utilize a large amount of system memory. If numerous http requests, again structured without a filename, are sent to the web server, an attacker could cause the server to consume all system memory. A restart of the application is required in order to gain normal functionality.

Mitigation:

Restart the application to gain normal functionality.

Source

Exploit-DB raw data:

source : https://www.securityfocus.com/bid/1941/info


Small HTTP Server is a full service web server. This utility is less than 30Kb and requires minimal system resources.

Small HTTP Server is subject to a denial of service. When making an http request without a filename specified the server will attempt to locate index.html in that particular directory, if index.html does not exist the server will utilize a large amount of system memory . If numerous http requests, again structured without a filename, are sent to the web server, an attacker could cause the server to consume all system memory. A restart of the application is required in order to gain normal functionality.

http://target/subdirectory/