Published: 23/11/2004 Updated: 26/03/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and previous versions allows remote malicious users to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
monkey-project monkey 0.7.1
monkey-project monkey 0.7.2
monkey-project monkey
monkey-project monkey 0.8.0
monkey-project monkey 0.7.0
monkey-project monkey 0.5.2
monkey-project monkey 0.1.1
monkey-project monkey 0.6.0
monkey-project monkey 0.6.1
monkey-project monkey 0.6.2
monkey-project monkey 0.6.3

source: wwwsecurityfocuscom/bid/9642/info Monkey HTTP Daemon is prone to a denial of service attacks HTTP GET requests, which do not include a 'Host' header field, will trigger this condition The server will need to be restarted to regain normal functionality githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin- ...

CWE-20 http://www.securityfocus.com/bid/9642 http://aluigi.altervista.org/poc/monkeydos.zip http://monkeyd.sourceforge.net/http://www.osvdb.org/3921 http://marc.info/?l=bugtraq&m=107652610506968&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/15187 https://nvd.nist.gov https://www.exploit-db.com/exploits/23686/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-0276

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect