CVE-2007-4980

GCALDaemon 1.0-beta13 - Denial of Service via Large Content-Length Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4980. PoCs published by ikki.

AI-analyzed exploit summary This exploit sends a malformed HTTP request with an excessively large Content-Length header to trigger a denial-of-service (DoS) condition in GCALDaemon <= 1.0-beta13. The exploit establishes a TCP connection and sends the crafted request, causing the target service to crash or become unresponsive.

Description

The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ikki · perldosmultiple

https://www.exploit-db.com/exploits/4540

View Code ZIP pw:eip

This exploit sends a malformed HTTP request with an excessively large Content-Length header to trigger a denial-of-service (DoS) condition in GCALDaemon <= 1.0-beta13. The exploit establishes a TCP connection and sends the crafted request, causing the target service to crash or become unresponsive.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GCALDaemon <= 1.0-beta13

No auth needed

Prerequisites: Network access to the target service · Target service running on default or specified port (9090)

MITRE ATT&CK