##############################################################################
#
# Title    : Oxide Webserver Remote Denial of Service Vulnerability
# Author   : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor   : http://sourceforge.net/projects/oxide/
# Advisory : http://secpod.org/blog/?p=516
#          : http://secpod.org/advisories/SecPod_Oxide_WebServer_DoS_Vuln.txt
# Software : Oxide Webserver v2.0.4 and prior.
# Date     : 29/06/2012
#
###############################################################################

SecPod ID: 1043                 24/01/2012 Issue Discovered
                                19/06/2012 Vendor Notified
                                No Response from vendor
                                18/07/2012 Advisory Released

Class: Denial of Service        Severity: High

Overview:
---------
Oxide Webserver v2.0.4 is prone to a remote Denial of Service vulnerability
as it fails to handle crafted requests from the client properly.

Technical Description:
----------------------
The vulnerability is caused by an error in handling some crafted characters
in HTTP GET requests, which causes the server to crash.

Impact:
--------
Successful exploitation could allow an attacker to crash a vulnerable server.

Affected Software:
------------------
Oxide Webserver version 2.0.4 and prior.

Tested on,
Oxide Webserver version 2.0.4 on Windows XP SP3

References:
-----------
http://secpod.org/blog/?p=516
http://sourceforge.net/projects/oxide
http://sourceforge.net/projects/oxide-ws/files
http://secpod.org/advisories/SecPod_Oxide_WebServer_DoS_Vuln.txt

Proof of Concept:
----------------
http://www.example.com:80/?.
http://www.example.com:80/<.
http://www.example.com:80/$.
http://www.example.com:80/cc.

Solution:
----------
Not available

Risk Factor:
-------------
CVSS Score Report:
    ACCESS_VECTOR          = NETWORK
    ACCESS_COMPLEXITY      = LOW
    AUTHENTICATION         = NONE
    CONFIDENTIALITY_IMPACT = NONE
    INTEGRITY_IMPACT       = NONE
    AVAILABILITY_IMPACT    = COMPLETE
    EXPLOITABILITY         = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL      = UNAVAILABLE
    REPORT_CONFIDENCE      = CONFIRMED
    CVSS Base Score        = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Credits:
--------
Antu Sanadi of SecPod Technologies has been credited with the discovery of
this vulnerability.