CVE-2013-3724

Monkey 1.1.1 - Denial of Service via Null Byte in HTTP Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3724. PoCs published by Doug Prostko.

AI-analyzed exploit summary This exploit demonstrates a denial of service vulnerability in Monkey HTTPD 1.1.1 by sending an HTTP request containing a null byte, which causes a segmentation fault in the server's threads. Repeated requests can crash all threads, rendering the server unavailable.

Description

The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.

Exploits (1)

exploitdb WORKING POC

by Doug Prostko · textdoslinux

https://www.exploit-db.com/exploits/25837

View Code ZIP pw:eip

This exploit demonstrates a denial of service vulnerability in Monkey HTTPD 1.1.1 by sending an HTTP request containing a null byte, which causes a segmentation fault in the server's threads. Repeated requests can crash all threads, rendering the server unavailable.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Monkey HTTPD 1.1.1

No auth needed

Prerequisites: Network access to the target server · Monkey HTTPD 1.1.1 running on the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Patch x_refsource_confirm

http://bugs.monkey-project.com/ticket/181

Scores

EPSS 0.1373

EPSS Percentile 96.0%

Details

CWE

CWE-20

Status published

Products (1)

monkey-project/monkey 1.1.1

Published Aug 01, 2013

Tracked Since Feb 18, 2026