CVE-2002-0748 PoC — LabVIEW Web Server服务拒绝漏洞

Source

https://github.com/fauzanwijaya/CVE-2002-0748

Associated Vulnerability

Title:LabVIEW Web Server服务拒绝漏洞 (CVE-2002-0748)
Description:LabVIEW Web Server 5.1.1 至6.1版本存在漏洞。远程攻击者可以借助两个换行字符（而不是预定carriage返回/换行组合）尾部的HTTP GET请求导致服务拒绝（崩溃），

Description

Proof of concept for LabVIEW Web Server HTTP Get Newline DoS vulnerability

Readme

## Synopsis
(G)old exploit - the remote web server is prone to a denial of service attack.

## Description
It was possible to kill the web server by sending a request that ends with two LF characters instead of the normal sequence CR LF CR LF (CR = carriage return, LF = line feed).

An attacker can exploit this vulnerability to make this server and all LabView applications crash.

## Gleen Research Center | NASA - LabVIEW Web Server DoS Vulnerability
![image](https://github.com/fauzanwijaya/CVE-2002-0748/assets/139438257/3c105c01-7bef-4ad2-8755-8930eaaefa97)

## Solution
Upgrade your LabView software or run the web server with logging disabled.

## References
https://seclists.org/bugtraq/2002/Apr/334

File Snapshot


 [4.0K]  /data/pocs/b1a82c161765d90a68ce53dfeb589aba50e3f2a6
├── [1.7K]  exploit.py
└── [ 710]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!