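def http_handler(self, conn, request, response):
    """Report HTTP exchanges that match the MS15-034 Range-header pattern.

    Only requests whose Range header value ends in 18446744073709551615
    (2**64 - 1) are examined; every other request is ignored, which is
    what keeps the false-positive rate down.

    Two alerts are possible:

    * no response was paired with the request -> "MS15-034 DoS"
    * the response carries status '416' or the reason phrase
      'Requested Range Not Satisfiable' -> "MS15-034 Vulnerable Server"

    Returns the (conn, request, response) tuple when an alert was
    written, otherwise None.

    NOTE(review): the DoS branch only knows that no response object was
    handed in. A truncated capture or a reply that was never reassembled
    presumably looks the same from here, so treat that alert as a lead
    to corroborate, not as proof the server went down.
    """
    marker = '18446744073709551615'

    try:
        raw = request.headers.get("range", '')
    except Exception:
        # Best effort: a request without a usable header mapping has
        # nothing to inspect. Exception (not a bare except) so that
        # Ctrl-C / SystemExit still stop the run.
        return

    # NOTE(review): some HTTP parsers hand back a list when a header is
    # repeated - confirm against the decoder feeding this handler. A
    # non-string value used to raise inside the old try block and the
    # alert was dropped silently; check every value instead.
    if isinstance(raw, (list, tuple)):
        candidates = raw
    else:
        candidates = [raw]

    rangestr = None
    for value in candidates:
        try:
            if value.endswith(marker):
                rangestr = value
                break
        except (AttributeError, TypeError):
            # Not a text value we can compare; skip it.
            continue

    if rangestr is None:
        return

    if response is None:
        # Denial of Service (no server response)
        self.write('MS15-034 DoS [Request Method: "{0}" URI: "{1}" Range: "{2}"]'.format(
            request.method, request.uri, rangestr), conn.info())
        return conn, request, response

    # Probe for a vulnerable server: the status is compared as a string,
    # with the reason phrase as a second way to recognise the same reply.
    if (response.status == '416' or
            response.reason == 'Requested Range Not Satisfiable'):
        self.write('MS15-034 Vulnerable Server [Request Method: "{0}" Range: "{1}"]'.format(
            request.method, rangestr), conn.info())
        return conn, request, response

    return None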