Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

ATPhttpd 0.4 DoS Vulnerability

From: "Tamer Sahin" <ts () securityoffice net>
Date: Thu, 13 Dec 2001 23:11:57 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ATPhttpd 0.4 DoS Vulnerability

Type:
DoS, crashes Daemon

Release Date:
December 13, 2001

Product / Vendor:
ATPhttpd, the tiny, caching, high performance webserver. ATPhttpd is
ideal for serving lots of static content, especially where disk I/O
is expensive, such as NFS mounted web shares, or graphics servers.

http://www.redshift.com/~yramin/atp/atphttpd/

Summary:
Server crashes after sending very long URL a few times.

http://host/AAAAAAAAA...(Ax3000)...AAA

Log:
You may reach the core file through
http://www.securityoffice.net/downloads/atphttpd.core

Exploit:
atphttpd.pl by Tamer Sahin
http://www.securityoffice.net/downloads/atphttpd.txt

Tested:
OpenBSD 2.9 / ATPhttpd 0.4 Alpha release

Vulnerable:
ATPhttpd 0.4 Alpha release (And may be other)

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPBj9fbuLpFMrXtywEQIuKACcDh+NkQCVj+iTV048l9ybQiWN90cAn1zw
1chZ5YPNBB46zdB7c1cSHUp3
=K1EP
-----END PGP SIGNATURE-----

Attachment: atphttpd.pl
Description:

Previous By Date Next
Previous By Thread Next

Current thread: