Monkey-Project Monkey vulnerabilities
27 known vulnerabilities affecting monkey-project/monkey.
Total CVEs: 27
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 15
Vulnerabilities
Page 1 of 2
CVE-2013-3843 | P3 | MEDIUM | CVSS 6.8 | CWE-119 | PoC | ≤ 1.2.0 | 2014-06-13
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
nvd
CVE-2013-2182 | P3 | MEDIUM | CVSS 5.8 | CWE-264 | PoC | ≤ 1.4.0 | 2014-06-13
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
nvd
CVE-2013-2159 | P3 | CRITICAL | CVSS 9.8 | CWE-287 | v1.2.1 | 2019-12-10
Monkey HTTP Daemon: broken user name authentication
nvd
CVE-2013-3724 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | PoC | v1.1.1 | 2013-08-01
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
nvd
CVE-2002-2154 | P4 | MEDIUM | CVSS 5.0 | CWE-22 | PoC | v0.1.4 | 2002-12-31
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
nvd
CVE-2025-63655 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≤ 1.8.5 | 2026-01-29
A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2025-63658 | P3 | HIGH | CVSS 7.5 | CWE-121 | ≤ 1.8.5 | 2026-01-29
A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2025-63652 | P3 | HIGH | CVSS 7.5 | CWE-416 | ≤ 1.8.5 | 2026-01-29
A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2025-63651 | P3 | HIGH | CVSS 7.5 | CWE-416 | ≤ 1.8.5 | 2026-01-29
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2004-0276 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | PoC | ≤ 0.8.1, v0.1.1 +9 more | 2004-11-23
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
nvd
CVE-2025-63649 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≤ 1.8.5 | 2026-01-29
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
nvd
CVE-2002-1663 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | PoC | ≤ 0.1.1 | 2002-12-31
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
nvd
CVE-2025-63653 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≤ 1.8.5 | 2026-01-29
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2025-63656 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≤ 1.8.5 | 2026-01-29
An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2025-63650 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≤ 1.8.5 | 2026-01-29
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2025-63657 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≤ 1.8.5 | 2026-01-29
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
nvd
CVE-2002-1852 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v0.5.0 | 2002-12-31
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
nvd
CVE-2003-0218 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 0.6.1, v0.1.1 +2 more | 2003-05-12
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
nvd
CVE-2005-1122 | P4 | HIGH | CVSS 7.5 | CWE-134 | ≤ 0.9.0, v0.1.1 +14 more | 2005-04-14
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
nvd
CVE-2012-4443 | P4 | MEDIUM | CVSS 6.9 | CWE-264 | v0.9.3 | 2012-10-05
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
nvd