CVE-2013-3843

Monkey HTTP Daemon < 1.2.1 - Stack-Based Buffer Overflow via Crafted HTTP Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3843. Includes Metasploit module auxiliary/dos/http/monkey_headers.

AI-analyzed exploit summary This Metasploit module exploits a denial-of-service vulnerability in Monkey HTTPD by sending a malformed HTTP request with improperly formatted headers, causing a segmentation fault. The exploit targets versions <= 1.2.0 and verifies the server's status post-exploitation.

Description

Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/monkey_headers.rb

View Code ZIP pw:eip

This Metasploit module exploits a denial-of-service vulnerability in Monkey HTTPD by sending a malformed HTTP request with improperly formatted headers, causing a segmentation fault. The exploit targets versions <= 1.2.0 and verifies the server's status post-exploitation.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Monkey HTTPD <= 1.2.0

No auth needed

Prerequisites: Network access to the target server · Monkey HTTPD service running on port 2001

MITRE ATT&CK