CVE-2009-3591

Dopewars 1.5.12 - Denial of Service via Invalid REQUESTJET Message

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-3591. PoCs published by Doug Prostko, including Metasploit module auxiliary/dos/misc/dopewars.

AI-analyzed exploit summary This exploit leverages a denial-of-service vulnerability in Dopewars by sending malformed input to the server, causing it to crash. The PoC uses a Ruby one-liner to generate the payload and netcat to deliver it to the target port.

Description

Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Doug Prostko · textdoslinux
https://www.exploit-db.com/exploits/33269

This exploit leverages a denial-of-service vulnerability in Dopewars by sending malformed input to the server, causing it to crash. The PoC uses a Ruby one-liner to generate the payload and netcat to deliver it to the target port.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Dopewars 1.5.12
No auth needed
Prerequisites: Network access to the target server · Dopewars server running on port 7902
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Doug Prostko · textdosmultiple
https://www.exploit-db.com/exploits/10004

The exploit demonstrates a segmentation fault in Dopewars 1.5.12 by sending malformed input to the 'jet' command via a network connection. The lack of input validation causes the application to crash, leading to a denial of service (DoS).

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Dopewars 1.5.12
No auth needed
Prerequisites: Network access to the target application on port 7902
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/misc/dopewars.rb

This Metasploit module exploits a segmentation fault vulnerability in Dopewars 1.5.12 by sending a malformed packet to the 'jet' command, causing a denial of service (DoS). The exploit connects to the target server, sends the crafted packet, and verifies the crash by attempting to reconnect.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Dopewars 1.5.12
No auth needed
Prerequisites: Network access to the target server on port 7902
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36961
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36606
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507012/100/0/threaded

Scores

EPSS 0.7129
EPSS Percentile 98.7%

Details

CWE
CWE-20
Status published
Products (1)
ben_webb/dopewars 1.5.12
Published Oct 08, 2009
Tracked Since Feb 18, 2026