Vulnerability Details CVE-2004-0276
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.093
EPSS Ranking 92.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://aluigi.altervista.org/poc/monkeydos.zip
- http://marc.info/?l=bugtraq&m=107652610506968&w=2
- http://monkeyd.sourceforge.net/
- http://www.osvdb.org/3921
- http://www.securityfocus.com/bid/9642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15187
- http://aluigi.altervista.org/poc/monkeydos.zip
- http://marc.info/?l=bugtraq&m=107652610506968&w=2
- http://monkeyd.sourceforge.net/
- http://www.osvdb.org/3921
- http://www.securityfocus.com/bid/9642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15187
Products affected by CVE-2004-0276
-
cpe:2.3:a:monkey-project:monkey:-
-
cpe:2.3:a:monkey-project:monkey:0.1.1
-
cpe:2.3:a:monkey-project:monkey:0.1.4
-
cpe:2.3:a:monkey-project:monkey:0.5.0
-
cpe:2.3:a:monkey-project:monkey:0.5.1
-
cpe:2.3:a:monkey-project:monkey:0.5.2
-
cpe:2.3:a:monkey-project:monkey:0.6.0
-
cpe:2.3:a:monkey-project:monkey:0.6.1
-
cpe:2.3:a:monkey-project:monkey:0.6.2
-
cpe:2.3:a:monkey-project:monkey:0.6.3
-
cpe:2.3:a:monkey-project:monkey:0.7.0
-
cpe:2.3:a:monkey-project:monkey:0.7.1
-
cpe:2.3:a:monkey-project:monkey:0.7.2
-
cpe:2.3:a:monkey-project:monkey:0.8.0
-
cpe:2.3:a:monkey-project:monkey:0.8.1