17 Jul 2012 11:14
DomsHttpd 1.0 <= Remote Denial Of Service
<pereira <at> secbiz.de>
2012-07-17 09:14:57 GMT
2012-07-17 09:14:57 GMT
################################################# DomsHttpd 1.0 <= Remote Denial Of Service ################################################# Discovered by: Jean Pascal Pereira <pereira <at> secbiz.de> About DomsHttpd: "A very simple HTTP protocol program base on asynchronous socket model." Vendor URI: http://domshttpd.codeplex.com/ ################################################# The remote attacker has the possibility to crash the application by sending a malformed referer inside the HTTP request. ------------------------------------- Exploit / Proof Of Concept: http://dl.packetstormsecurity.net/1207-exploits/domshttpd-dos.txt ------------------------------------- Solution: Do some input validation. ------------------------------------- #############################################################################################
RSS Feed