CVE-2007-3956

TeamSpeak WebServer 2.0 - Denial of Service via Long Username and Password Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3956. PoCs published by YAG KOHHA.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in TeamSpeak 2.0 by sending an overly large POST request to the login endpoint, causing high CPU and memory usage. The exploit leverages a lack of input validation and session expiration in the TeamSpeak WebServer.

Description

TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.

Exploits (1)

exploitdb WORKING POC VERIFIED

by YAG KOHHA · perldoswindows

https://www.exploit-db.com/exploits/4205

View Code ZIP pw:eip

This exploit targets a denial-of-service (DoS) vulnerability in TeamSpeak 2.0 by sending an overly large POST request to the login endpoint, causing high CPU and memory usage. The exploit leverages a lack of input validation and session expiration in the TeamSpeak WebServer.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: TeamSpeak 2.0 (Windows Release)

No auth needed

Prerequisites: Network access to the target TeamSpeak server · TeamSpeak WebServer running on port 14534

MITRE ATT&CK