Weborf

Weborf is a lightweight webserver designed to rapidly share directories. Runs on POSIX systems and is meant to solve this problem.
More details.

News

Inetd

The next release of weborf (0.13) will have support to be used with inetd (xinetd is strongly advised).

· 2010/10/21 11:21 · LtWorf

Released 0.12.3

Released new bugfix version. It fixes a directory traversal so update is strongly advised.

Download

Thanks to Elton Lika for pointing out the problem.

~~DISCUSSION~~

· 2010/09/08 17:55 · LtWorf

Bug tracker

Weborf is now using Lanuchpad for bug reports.

· 2010/08/24 09:27 · LtWorf

Released 0.12.2

Bugfix version 0.12.2 has been released.

This fixes a DoS vulnerability caused due to an error when handling certain HTTP headers. This could be exploited to terminate an affected server via e.g. specially crafted HTTP headers containing wide characters.

Upgrade is strongly advised Download

The new version is already available in debian unstable.

Thanks to ipax of DcLabs Security Group for finding and reporting the issue.

BUGTRAQ ~~DISCUSSION~~

· 2010/06/23 20:21 · LtWorf

Released 0.12.1

Bugfix version 0.12.1 has just been released.

It fixes a DoS bug that will make weborf crash in case of a malformed request.

Upgrade is strongly advised Download

The problem is due to a missing check while parsing the Range header. So for instance a request like the following would make weborf terminate.

GET /index.html HTTP/0.9
Range: 1-2

~~DISCUSSION~~

· 2010/06/03 23:24 · LtWorf

Other sections

start.txt · Last modified: 2013/03/10 11:19 by LtWorf
 
Recent changes RSS feed Valid XHTML 1.0 Valid CSS Driven by DokuWiki