NullLogic Null HTTPd 0.5 - Remote Denial of Service

EDB-ID:

23181

CVE:


EDB Verified:

Author:

Luigi Auriemma

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2003-09-24

Vulnerable App: 
source: https://www.securityfocus.com/bid/8697/info

Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability.

The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has been reported that a remote attacker may make a malicious HTTP POST request, specifying a 'Content-Length' value in the HTTP header and then sending data that amounts to 1 byte less that the specified Content-Length. This will reportedly leave each connection on the server in an open state. An attacker can exploit this condition to trigger a denial of service of the affected server. 

POST / HTTP/1.0
Content-Length: 10

123456789
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services