Xerver HTTP Server - exploit.company

vendor:

Xerver HTTP Server

by:

Dr_IDE

7.5

CVSS

HIGH

Remote Denial of Service

400

CWE

Product Name: Xerver HTTP Server

Affected Version From: v4.32

Affected Version To: v4.32

Patch Exists: NO

Related CWE: N/A

CPE: a:xerver:xerver_http_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XPSP3

2009

Xerver HTTP Server <= v4.32 Remote Denial of Service

Xerver v4.32 is a Windows based HTTP server. This is the latest version of the application available. Xerver v4.32 is vulnerable to a remote denial of service through following means. Xerver ships with a web based configuration program, essentially making this DoS remote if and when the Remote Setup is running. The admin package runs on port 32123 and does not require any form of authentication to make changes to the server configuration. If the HTTP Server port is set to any kind of letter combination, the server will crash and be unable to be restarted unless the configuration file is manually edited to remove the letters and put back to a number (ie. 80).

Mitigation:

Ensure that the HTTP Server port is set to a number and not any kind of letter combination.

Source

Exploit-DB raw data:

#################################################################################
#                                                                   	     	#
# Xerver HTTP Server <= v4.32 Remote Denial of Service	 		        #
# Found By:	Dr_IDE				                                #
# Download:	http://www.javascript.nu/xerver                          	#
# Tested On:	Windows XPSP3                                            	#
#                                                                        	#
#################################################################################

- Description -

Xerver v4.32 is a Windows based HTTP server. This is the latest version of
the application available.

Xerver v4.32 is vulnerable to a remote denial of service through following means.

Xerver ships with a web based configuration program, essentially making this DoS
remote if and when the Remote Setup is running.

The admin package runs on port 32123 and does not require any form of 
authentication to make changes to the server configuration.

- Bug -

If the HTTP Server port is set to any kind of letter combination, the server will
crash and be unable to be restarted unless the configuration file is manually
edited to remove the letters and put back to a number (ie. 80).

- Example -

1. http://172.16.2.101:32123/?action=wizardStep1
2. Enter anything in the port field, "Dr_IDE"
3. Click Save and Continue

- Results - 

The server will crash hard, and you will be unable to restart it. You must edit the 
configuration file, Xerver2.cfg and replace the first line of the file with a Port
number.

- Note - 

I tried to make this a possible XSS attack but I couldn't manage. Perhaps someone 
else can figure it out.

Methods and variables of interest for this attack:

SubmitForm()
document.myForm.portNR.value="80" # default, any letters here would kill the server

# milw0rm.com [2009-09-18]