Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
BID:9642
Info
Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
| Bugtraq ID: | 9642 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 11 2004 12:00AM |
| Updated: | Feb 11 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Luigi Auriemma <[email protected]>. |
| Vulnerable: |
Monkey Monkey HTTP Daemon 0.8.1 Monkey Monkey HTTP Daemon 0.8 Monkey Monkey HTTP Daemon 0.7.2 Monkey Monkey HTTP Daemon 0.7.1 Monkey Monkey HTTP Daemon 0.7 .0 Monkey Monkey HTTP Daemon 0.6.3 Monkey Monkey HTTP Daemon 0.6.2 Monkey Monkey HTTP Daemon 0.6.1 Monkey Monkey HTTP Daemon 0.6 Monkey Monkey HTTP Daemon 0.5.1 Monkey Monkey HTTP Daemon 0.5 Monkey Monkey HTTP Daemon 0.4.2 Monkey Monkey HTTP Daemon 0.4.1 Monkey Monkey HTTP Daemon 0.4 Monkey Monkey HTTP Daemon 0.1.4 |
| Not Vulnerable: |
Monkey Monkey HTTP Daemon 0.8.2 |
Discussion
Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
Monkey HTTP Daemon is prone to a denial of service attacks. HTTP GET requests, which do not include a 'Host' header field, will trigger this condition.
The server will need to be restarted to regain normal functionality.
Monkey HTTP Daemon is prone to a denial of service attacks. HTTP GET requests, which do not include a 'Host' header field, will trigger this condition.
The server will need to be restarted to regain normal functionality.
Exploit / POC
Solution / Fix
Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
Solution:
Gentoo has released an advisory GLSA 200402-03 with fix information to address this issue. Please see the referenced advisory for more information.
Gentoo users may carry out the following commands to upgrade to the fixed version:
emerge sync
emerge -pv ">=net-www/monkeyd-0.8.2"
emerge ">=net-www/monkeyd-0.8.2"
The vendor has released an update to address this issue:
Monkey Monkey HTTP Daemon 0.1.4
Monkey Monkey HTTP Daemon 0.4
Monkey Monkey HTTP Daemon 0.4.1
Monkey Monkey HTTP Daemon 0.4.2
Monkey Monkey HTTP Daemon 0.5
Monkey Monkey HTTP Daemon 0.5.1
Monkey Monkey HTTP Daemon 0.6
Monkey Monkey HTTP Daemon 0.6.1
Monkey Monkey HTTP Daemon 0.6.2
Monkey Monkey HTTP Daemon 0.6.3
Monkey Monkey HTTP Daemon 0.7 .0
Monkey Monkey HTTP Daemon 0.7.1
Monkey Monkey HTTP Daemon 0.7.2
Monkey Monkey HTTP Daemon 0.8
Monkey Monkey HTTP Daemon 0.8.1
Solution:
Gentoo has released an advisory GLSA 200402-03 with fix information to address this issue. Please see the referenced advisory for more information.
Gentoo users may carry out the following commands to upgrade to the fixed version:
emerge sync
emerge -pv ">=net-www/monkeyd-0.8.2"
emerge ">=net-www/monkeyd-0.8.2"
The vendor has released an update to address this issue:
Monkey Monkey HTTP Daemon 0.1.4
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.4
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.4.1
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.4.2
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.5
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.5.1
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.6
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.6.1
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.6.2
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.6.3
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.7 .0
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.7.1
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.7.2
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.8
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
Monkey Monkey HTTP Daemon 0.8.1
-
Monkey monkey-0.8.2.tar.gz
http://monkeyd.sourceforge.net/get_monkey.php?ver=11
References
Monkey HTTP Daemon Missing Host Field Denial Of Service Vulnerability
References:
References:
- Monkey HTTP Daemon Product Page (Monkey)
- Denial of Service in Monkey httpd <= 0.8.1 (Luigi Auriemma
)