CVE-2006-2222

zawhttpd 0.8.23 - Denial of Service via Backslash URI Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2222. PoCs published by Kamil Sienicki.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in zawhttpd by sending a malformed HTTP GET request with an excessive number of backslashes. The exploit attempts to crash the service, demonstrating a denial-of-service condition.

Description

Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kamil Sienicki · perldoslinux

https://www.exploit-db.com/exploits/1746

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in zawhttpd by sending a malformed HTTP GET request with an excessive number of backslashes. The exploit attempts to crash the service, demonstrating a denial-of-service condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: zawhttpd (version not specified)

No auth needed

Prerequisites: Network access to the target service · Target service running on a vulnerable version of zawhttpd

MITRE ATT&CK