BugTraq
DomsHttpd 1.0 <= Remote Denial Of Service
Jul 17 2012 09:14AM
pereira secbiz de
#################################################
DomsHttpd 1.0 <= Remote Denial Of Service
#################################################
Discovered by: Jean Pascal Pereira <pereira (at) secbiz (dot) de>
About DomsHttpd:
"A very simple HTTP protocol program base on asynchronous socket model."
Vendor URI: http://domshttpd.codeplex.com/
#################################################
The remote attacker has the possibility to crash the application by sending a malformed referer inside the HTTP request.
-------------------------------------
Exploit / Proof Of Concept:
http://dl.packetstormsecurity.net/1207-exploits/domshttpd-dos.txt
-------------------------------------
Solution:
Do some input validation.
-------------------------------------
########################################################################
#####################