Monkey-project : Security Vulnerabilities, CVEs, (Denial of service)
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
Max CVSS
4.3
EPSS Score
1.27%
Published
2014-08-26
Updated
2020-03-26
CVE-2013-3843
Public exploit
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
Max CVSS
6.8
EPSS Score
35.87%
Published
2014-06-13
Updated
2020-03-26
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
Max CVSS
5.0
EPSS Score
40.24%
Published
2013-08-01
Updated
2020-03-26
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
Max CVSS
5.0
EPSS Score
1.04%
Published
2014-06-13
Updated
2020-03-26
Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file.
Max CVSS
5.0
EPSS Score
1.04%
Published
2005-05-02
Updated
2020-03-26
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
Max CVSS
7.5
EPSS Score
2.50%
Published
2005-04-14
Updated
2020-03-26
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
Max CVSS
5.0
EPSS Score
9.19%
Published
2004-11-23
Updated
2020-03-26
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.
Max CVSS
5.0
EPSS Score
1.50%
Published
2003-12-31
Updated
2020-03-26
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
Max CVSS
5.0
EPSS Score
4.46%
Published
2002-12-31
Updated
2020-03-26
9 vulnerabilities found