Info

Disclosure

Dec 14, 2009

Discovery

Nov 10, 2009

Dates

Exploit

Dec 14, 2009

Solution

Nov 27, 2009

Description

The Monkey web server suffers from a remotely exploitable improper input validation vulnerability that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests.

Classification

Location: Remote / Network Access, Local / Remote
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Exploit Database: 10469
Generic Informational URL: http://census-labs.com/news/2009/12/14/monkey-httpd/
Vendor Specific News/Changelog Entry: http://freshmeat.net/projects/monkey/releases/308775
Mail List Post: http://seclists.org/bugtraq/2009/Dec/211
Vendor URL: http://www.monkey-project.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/60534