CVE-2007-0464

CFNetwork 129.19 - Denial of Service via Crafted HTTP 301 Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0464. PoCs published by MoAB.

AI-analyzed exploit summary This exploit is a proof-of-concept for CVE-2007-0464, which targets a vulnerability in certain HTTP clients by sending a malformed HTTP 301 redirect response with a random Content-Length and an invalid Location header. The exploit causes a denial-of-service (DoS) condition in vulnerable clients.

Description

The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MoAB · rubydososx

https://www.exploit-db.com/exploits/3200

View Code ZIP pw:eip

This exploit is a proof-of-concept for CVE-2007-0464, which targets a vulnerability in certain HTTP clients by sending a malformed HTTP 301 redirect response with a random Content-Length and an invalid Location header. The exploit causes a denial-of-service (DoS) condition in vulnerable clients.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: HTTP clients (specific versions not specified in code)

No auth needed

Prerequisites: Network access to the target · Vulnerable HTTP client connecting to the malicious server

MITRE ATT&CK