Reptile Web Server Remote Denial Of Service Vulnerability
BID:9482
Info
Reptile Web Server Remote Denial Of Service Vulnerability
| Bugtraq ID: | 9482 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-2120 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this vulnerability has been credited to "Donato Ferrante" <[email protected]>. |
| Vulnerable: |
Reptile Web Server Reptile Web Server 20020105 |
| Not Vulnerable: | |
Discussion
Reptile Web Server Remote Denial Of Service Vulnerability
Reptile has been reported prone to a remote denial of service vulnerability. It has been reported that this issue exists because the affected server does not time out on incomplete requests. A remote attacker may exploit this vulnerability to deny service to legitimate users.
Reptile has been reported prone to a remote denial of service vulnerability. It has been reported that this issue exists because the affected server does not time out on incomplete requests. A remote attacker may exploit this vulnerability to deny service to legitimate users.
Exploit / POC
Reptile Web Server Remote Denial Of Service Vulnerability
The following example has been supplied:
To test the vulnerability simply send to the webserver some (about 10)
strings like:
GET index.htm
without specify the HTTP* at the end of the GET request, and where
the requested file must be avaible in the public_html directory.
The following example has been supplied:
To test the vulnerability simply send to the webserver some (about 10)
strings like:
GET index.htm
without specify the HTTP* at the end of the GET request, and where
the requested file must be avaible in the public_html directory.
Solution / Fix
References
Reptile Web Server Remote Denial Of Service Vulnerability
References:
References:
- Reptile Web Server Homepage (Reptile Web Server)