29 matches found
CVE-2013-3843
CVE-2013-3843 affects Monkey HTTP Daemon (monkeyd) prior to version 1.2.1. A stack-based overflow in the mk_request_header_process function (mk_request.c) can be triggered by a crafted HTTP header, enabling a remote attacker to crash the server and, per sources, potentially execute arbitrary code...
CVE-2002-1663
Monkey HTTP Server (monkeyd) is affected by CVE-2002-1663 through the Post_Method function in method.c, where a crafted POST request with an invalid or missing Content-Length header can crash the server and cause a denial of service. The vulnerability is reported for versions prior to 0.5.1. The ...
CVE-2002-2154
CVE-2002-2154 describes a directory traversal vulnerability in the web server component Monkey HTTP Daemon 0.1.4. Remote attackers can read arbitrary files by using dot-dot sequences in the request path. The problem is documented across multiple feeds (NVD, Red Hat advisories, CVE listings) with ...
CVE-2003-0218
The CVE-2003-0218 entry concerns Monkey HTTP Server (monkeyd) up to version 0.6.1. A buffer overflow in PostMethod(), triggered by a POST with a large body, is described as allowing remote code execution or a server crash. Public details across sources consistently note that vulnerable software...
CVE-2013-2159
CVE-2013-2159 affects Monkey HTTP Daemon with a broken user name authentication mechanism. The NVD notes a CVSSv2 base score of 7.5 (HIGH) and CVSSv3.1 base score of 9.8 (CRITICAL), indicating high impact on confidentiality, integrity, and availability. Connected records reaffirm the same issue, ...
CVE-2013-1771
CVE-2013-1771 affects the Monkeyd web server, where the master.log (/var/log/monkeyd/master.log) is world-readable on Gentoo due to permissions. This could expose log contents (e.g., requests) as described in the provided sources. No concrete exploit details or patch/version remediation are prese...
CVE-2013-3724
CVE-2013-3724 affects Monkey HTTP Daemon 1.1.1, where mk_request_header_process in mk_request.c can be triggered by a null byte ('\0') in an HTTP request to cause a denial of service (thread crash and service outage). This vulnerability is documented across multiple sources (NVD, Red Hat, Gentoo ...
CVE-2005-1123
CVE-2005-1123 affects the Monkey HTTP Daemon (monkeyd) before version 0.9.1. The vulnerability allows a remote attacker to cause a denial-of-service via a request for a zero-byte file, resulting in memory corruption. Public sources (Gentoo GLSA 200504-14 and Nessus entries) describe a DoS and, in...
CVE-2012-4442
CVE-2012-4442 affects Monkey HTTP Daemon 0.9.3. The issue arises because the daemon retains the supplementary group IDs of the root account while operating with a non-root effective UID, which could allow local users to bypass file-read restrictions due to a race condition in a file-perm...
CVE-2013-2163
CVE-2013-2163 affects Monkey HTTP Daemon (monkeyd) prior to version 1.2.2. The issue allows a remote attacker to cause a denial of service (infinite loop) by sending a crafted Range header with an offset equal to the file size. Public docs consistently describe the vector as a Range-header-based ...
CVE-2013-2183
Technical details about CVE-2013-2183 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2014-5336
CVE-2014-5336 affects Monkey HTTP Server prior to 1.5.3. When the File Descriptor Table (FDT) is enabled and custom error messages are configured, a remote attacker can trigger an HTTP error response that consumes file descriptors, causing a denial of service. The impact described is a partial av...
CVE-2004-0276
The CVE-2004-0276 entry concerns Monkey HTTP Daemon (monkeyd) versions up to and including 0.8.1. The vulnerability is in the get_real_string function, where processing an HTTP request containing a sequence of "%" characters and a missing Host header can cause the daemon to crash, resulting in a ...
CVE-2005-1122
The CVE-2005-1122 entry concerns the Monkey HTTP Server component monkeyd, specifically a format string vulnerability in cgi.c prior to version 0.9.1. A remote attacker can trigger a denial of service and potentially arbitrary code execution by sending an HTTP GET request containing double-encode...
CVE-2012-5303
Monkey HTTP Daemon 0.9.3 is vulnerable to a local file overwrite via a symlink attack on its PID file. The issue is a race condition that can occur when a pathname different from the default /var/run/monkey.pid is used, allowing local users to trick the daemon into overwriting arbitrary files. Im...
CVE-2013-2181
Affected software: Monkey HTTP Daemon (monkeyd) 1.2.2 with the Directory Listing plugin. Vulnerability: Cross-site scripting (XSS) via a file name (CVE-2013-2181). Root cause: Directory Listing plugin mishandles file names, enabling script/HTML injection. Impact: potential execution of arbitr...
CVE-2013-2182
The CVE-2013-2182 entry concerns the Mandril security plugin in Monkey HTTP Daemon (monkeyd) prior to 1.5.0. The root cause is a bypass of access restrictions via a crafted URI, demonstrated by an encoded forward slash, enabling remote attackers to access restricted paths. Public references corro...
CVE-2002-1852
CVE-2002-1852 describes a cross-site scripting (XSS) vulnerability in Monkey 0.5.0. The issue allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl. Connected documents confirm the affected product and the general impact, but do not provide ...
CVE-2003-1209
The vulnerability CVE-2003-1209 affects Monkey HTTP Daemon prior to 0.6.2. A POST request without a Content-Type header can cause the server to crash, resulting in a denial of service. The description and connected records confirm the affected product (Monkey HTTP Daemon) and the root cause (like...
CVE-2012-4443
CVE-2012-4443 affects Monkey HTTP Daemon 0.9.3. The issue stems from the daemon executing CGI scripts with real UID/GID of root, enabling local users to potentially gain privileges by exploiting write access to cgi-bin. This is a local-privilege-escalation path described in multiple sources. No r...
CVE-2025-63657
An out-of-bounds read vulnerability resides in the monkey project, affecting commit f37e984 in the function mk_mimetype_find (mk_server/mk_mimetype.c). The issue can be triggered by sending a crafted HTTP request to the server, leading to Denial of Service. The available documents describe the vu...
CVE-2025-63649
CVE-2025-63649 affects monkey (mk_server/mk_http_parser.c) due to an out-of-bounds read in http_parser_transfer_encoding_chunked following commit f37e984. This can allow a remote attacker to trigger a Denial of Service by sending a crafted POST request to the server. Connected documents corrobora...
CVE-2025-63653
Affects mk_server/mk_vhost.c, function mk_vhost_fdt_close, in monkey commit f37e984. This out-of-bounds read can be triggered by a crafted HTTP request to cause a Denial of Service. Public documents do not provide a confirmed fixed version or patch details; exploitation status is not described be...
CVE-2025-63656
CVE-2025-63656 affects the Monkey server (commit f37e984) with an out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c). A crafted HTTP request is sufficient to cause a Denial of Service. Connected sources (Red Hat advisory, NVD/NVL records, Attacker...
CVE-2025-63652
A use-after-free vulnerability (CVE-2025-63652) exists in Monkey’s HTTP server code path mk_http_request_end (file mk_server/mk_http.c) triggered by crafted HTTP requests. Reported against commit f37e984, it can cause Denial of Service. The issue is documented across multiple sources (Red Hat, NV...
CVE-2025-63655
CVE-2025-63655 describes a NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) in the Monkey project, fixed in commit f37e984. The issue allows an attacker to cause a Denial of Service by sending a crafted HTTP request to the targeted server. Affected component is t...
CVE-2025-63650
CVE-2025-63650 concerns an out-of-bounds read in the mk_ptr_to_buf function of the mk_core mk_memory.c module in the Monkey project, tracked to commit f37e984. The Red Hat and NVD entries, along with other sources, describe that sending a specially crafted HTTP request can trigger the read, leading to a D...
CVE-2025-63651
CVE-2025-63651 is a use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of the Monkey project, fixed by updating to commit f37e984 or later. The vulnerability allows a crafted HTTP request to trigger a Denial of Service via the affected string-search path. Affected componen...
CVE-2025-63658
CVE-2025-63658 is a stack overflow vulnerability in the Monkey server code. The flaw resides in the mk_http_index_lookup function (mk_server/mk_http.c) triggered by handling crafted HTTP requests, leading to Denial of Service. The observed root cause is a stack overflow in the handling/lookup log...