CVE-2004-0276

2004-09-0104:00:00

mitre

www.cve.org

AI Score

6.7

Confidence

High

EPSS

0.092

Percentile

94.7%

JSON

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of “%” characters and a missing Host field.

References

aluigi.altervista.org/poc/monkeydos.zip

marc.info/?l=bugtraq&m=107652610506968&w=2

monkeyd.sourceforge.net/

www.osvdb.org/3921

www.securityfocus.com/bid/9642

exchange.xforce.ibmcloud.com/vulnerabilities/15187