CVE-2004-2519

Gattaca Server 2003 1.1.10.0 - Denial of Service via LANGUAGE Parameter Directory Specifiers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2519. PoCs published by dr_insane.

AI-analyzed exploit summary The provided text describes multiple denial of service vulnerabilities in Gattaca Server 2003 version 1.1.10.0. The vulnerabilities are triggered via crafted HTTP requests to the 'web.tmpl' endpoint with manipulated 'LANGUAGE' parameters, leading to application crashes.

Description

Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".

Exploits (1)

exploitdb WRITEUP VERIFIED

by dr_insane · textdosmultiple

https://www.exploit-db.com/exploits/24282

View Code ZIP pw:eip

The provided text describes multiple denial of service vulnerabilities in Gattaca Server 2003 version 1.1.10.0. The vulnerabilities are triggered via crafted HTTP requests to the 'web.tmpl' endpoint with manipulated 'LANGUAGE' parameters, leading to application crashes.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Gattaca Server 2003 version 1.1.10.0

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK