ATPhttpd v0.4 DoS Vulnerability

Type

DoS, crashes the daemon

Release Date

December 13, 2001

Product / Vendor

ATPhttpd, the tiny, caching, high performance webserver. ATPhttpd is ideal for serving lots of static content, especially where disk I/O is expensive, such as NFS mounted web shares, or graphics servers.

http://www.redshift.com/~yramin/atp/atphttpd/

Summary

The server crashes after it is sent a very long URL a few times.

http://host/AAAAAAAAA...(Ax3000)...AAA
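
A server-side guard against the request shown above, as an added example that is not taken from the advisory or from ATPhttpd's source: the request line is parsed with explicit lengths and an over-long URI is answered with 414 before anything is copied. The function name, the 1024-byte MAX_URI_LEN cap and the sample request are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_URI_LEN 1024  /* assumed cap, not a value from the advisory */

/* Parse "METHOD SP URI SP VERSION" from the first len bytes of buf, which
 * need not be NUL-terminated. On success the URI is copied into uri
 * (capacity uri_cap) and 200 is returned; otherwise the return value is the
 * status to send: 400 for a malformed line, 414 for an over-long URI. */
int parse_request_line(const char *buf, size_t len, char *uri, size_t uri_cap)
{
    const char *eol = memchr(buf, '\n', len);
    size_t line_len = eol ? (size_t)(eol - buf) : len;

    const char *sp1 = memchr(buf, ' ', line_len);
    if (sp1 == NULL || sp1 == buf)
        return 400;                       /* missing method or URI */

    const char *start = sp1 + 1;
    size_t rest = line_len - (size_t)(start - buf);
    const char *sp2 = memchr(start, ' ', rest);
    size_t uri_len = sp2 ? (size_t)(sp2 - start) : rest;

    /* Length is checked before any copy, so a request like the advisory's
     * 3000-byte URL is answered with 414 and never copied. */
    if (uri_len > MAX_URI_LEN || uri_len >= uri_cap)
        return 414;
    if (sp2 == NULL || uri_len == 0 || start[0] != '/')
        return 400;                       /* no version, empty or non-path URI */

    memcpy(uri, start, uri_len);
    uri[uri_len] = '\0';
    return 200;
}

int main(void)
{
    /* Constructed sample with the same shape as the request in the advisory. */
    static char req[3100];
    char uri[MAX_URI_LEN + 1];
    size_t n = 5;
    memcpy(req, "GET /", 5);
    memset(req + n, 'A', 3000);           n += 3000;
    memcpy(req + n, " HTTP/1.0\r\n", 11); n += 11;
    printf("long URL -> %d\n", parse_request_line(req, n, uri, sizeof uri));
    return 0;
}
```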

Log

The core file is available at
http://www.securityoffice.net/downloads/atphttpd.core

Exploit

atphttpd.pl by Tamer Sahin
http://www.securityoffice.net/downloads/atphttpd.txt

Tested

OpenBSD 2.9 / ATPhttpd 0.4 Alpha release

Vulnerable

ATPhttpd 0.4 Alpha release (and possibly others)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net