29
Monkey Webserver HTTP POST empty content-length Denial of Service
HTTP
2003/11/14
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
2004/11/14
2.0
Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and introduced the plugin changelog in 2.0.
tcp
80
open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *Monkey Webserver 0.*
80
This plugin was written with the ATK Attack Editor.
Monkey Webserver prior to 0.5.0
Other web servers and Monkey Webservers newer than 0.5.0.
Denial Of Service
An attacker may launch a remote denial of service attack against Monkey Webservers prior to version 0.5.0. This can be done by sending a POST request with a content-length line without a value.
Upgrade to the latest version or filter unwanted HTTP access to the web server.
1 hour
Yes
http://www.securityfocus.com/bid/6096/exploit/
Yes
Yes
Medium
6
7
7
6
Medium
Nessus is able to do the same check.
6096
11924
Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
http://www.computec.ch