Null HTTP Multiple POST Request Content-Length DoS

2003-09-25T10:06:07
ID OSVDB:3571
Type osvdb
Reporter OSVDB
Modified 2003-09-25T10:06:07

Description

Vulnerability Description

Null Httpd contains a flaw that may allow a remote denial of service. The issue is triggered when multiple HTTP POST requests are sent to the server containing less data than specifed in the Content-Length header, and will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Null Httpd contains a flaw that may allow a remote denial of service. The issue is triggered when multiple HTTP POST requests are sent to the server containing less data than specifed in the Content-Length header, and will result in loss of availability for the service.

Manual Testing Notes

POST / HTTP/1.0 Content-Length: 10

123456789

References:

Vendor URL: http://nullhttpd.sourceforge.net/httpd/ Secunia Advisory ID:9845 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2003-09/0399.html ISS X-Force ID: 13283 Generic Exploit URL: http://aluigi.altervista.org/poc/webpostmem.zip Bugtraq ID: 8697