CVE-2001-0647

Orange Web Server 2.1 - Denial of Service via HTTP GET Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0647. PoCs published by slipy.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Orange Software Orange Web Server by sending a malformed GET request via telnet, causing the server to crash. The PoC is minimal and directly leverages the vulnerability as described in the advisory.

Description

Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.

Exploits (1)

exploitdb WORKING POC VERIFIED

by slipy · textdoswindows

https://www.exploit-db.com/exploits/20655

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Orange Software Orange Web Server by sending a malformed GET request via telnet, causing the server to crash. The PoC is minimal and directly leverages the vulnerability as described in the advisory.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Orange Software Orange Web Server

No auth needed

Prerequisites: network access to the target server · telnet client

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/165658

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2432

Scores

EPSS 0.0521

EPSS Percentile 91.4%

Details

Status published

Products (1)

orange_software/orange_web_server 2.1

Published Aug 06, 2001

Tracked Since Feb 18, 2026