CVE-2010-2435

Salvo Tomaselli Weborf HTTP Server - Improper Input Validation

Title source: rule

Description

Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Crash · textdosmultiple

https://www.exploit-db.com/exploits/14012

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/511953/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40322

Release Notes x_refsource_confirm

http://freshmeat.net/projects/weborf/releases/318531

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/41064

Scores

EPSS 0.0395

EPSS Percentile 88.4%

Details

CWE

CWE-20

Status published

Products (4)

salvo_tomaselli/weborf_http_server 0.10

salvo_tomaselli/weborf_http_server 0.11

salvo_tomaselli/weborf_http_server 0.12

salvo_tomaselli/weborf_http_server < 0.12.1

Published Jun 24, 2010

Tracked Since Feb 18, 2026