Description
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/23686
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107652610506968&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9642
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/poc/monkeydos.zip
Product x_refsource_confirm
http://monkeyd.sourceforge.net/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3921
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15187
Scores
EPSS
0.0934
EPSS Percentile
92.9%
Details
CWE
CWE-20
Status
published
Products (11)
monkey-project/monkey
0.1.1
monkey-project/monkey
0.5.2
monkey-project/monkey
0.6.0
monkey-project/monkey
0.6.1
monkey-project/monkey
0.6.2
monkey-project/monkey
0.6.3
monkey-project/monkey
0.7.0
monkey-project/monkey
0.7.1
monkey-project/monkey
0.7.2
monkey-project/monkey
0.8.0
... and 1 more
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026