CVE-2002-0406

Menasoft SPHERE server 0.99x and 0.5x - Unauthenticated Denial of Service via Connection Flood

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0406. PoCs published by H Zero Seven.

AI-analyzed exploit summary This exploit is a proof-of-concept for a denial-of-service vulnerability in Menasoft SPHEREserver 0.99. It repeatedly establishes connections to the target server, exhausting available connections and preventing legitimate users from connecting.

Description

Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.

Exploits (1)

exploitdb WORKING POC VERIFIED

by H Zero Seven · cdosmultiple

https://www.exploit-db.com/exploits/21337

View Code ZIP pw:eip

This exploit is a proof-of-concept for a denial-of-service vulnerability in Menasoft SPHEREserver 0.99. It repeatedly establishes connections to the target server, exhausting available connections and preventing legitimate users from connecting.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Menasoft SPHEREserver 0.99

No auth needed

Prerequisites: Network access to the target server · Target server must be running Menasoft SPHEREserver 0.99

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/259334

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8338.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4258

Scores

EPSS 0.0714

EPSS Percentile 93.5%

Details

Status published

Products (2)

menasoft/sphereserver 0.99f

menasoft/sphereserver 0.99i

Published Jul 26, 2002

Tracked Since Feb 18, 2026