Pi3Web ISAPI DoS Vulnerability

2009.08.14
Credit: Hamid Ebadi
Risk: High
Local: No
Remote: Yes
CWE: CWE-20


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Częściowy

Pi3Web ISAPI DoS vulnerability Discovered by: Hamid Ebadi CSIRT Team Member Amirkabir University CSIRT Laboratory (APA Laboratory) autcert@aut.ac.ir Introduction Pi3Web is a free, multithreaded, highly configurable and extensible HTTP server and development environment for cross platform internet server development and deployment. Pi3web is vulnerable to a denial of service (DoS) vulnerability whenever an invalid ISAPI module is requested from server. Vulnerable version Pi3Web <=2.0.3 Vulnerability By requesting the following URL from pi3web the server crashes: http://WEB_SITE/isapi/users.txt EnhPi3.exe -Bad Image The application or DLL c:\Pi3Web\Isapi\users.txt is not a valid Windows image. Please check this against your installation diskette The vulnerability is caused. The crash is due to insufficient checks for incoming requests. Whenever a file in ISAPI directory, which is not a valid DLL is requested, the server tries to load it into memory as a DLL library and a crash happens. Workaround Before an official patch is released, use one of the following workarounds to mitigate the problem: 1. Disable ISAPI mapping in server configuration in Server Admin > Mapping Tab. 2. Delete the users.txt, install.daf and readme.daf in ISAPI folder. Credit This vulnerability has been discovered by Hamid Ebadi from Amirkabir university CSIRT laboratory. autcert@aut.ac.ir https://www.ircert.cc

Referencje:

http://xforce.iss.net/xforce/xfdb/46600
http://www.securityfocus.com/bid/32287
http://www.securityfocus.com/archive/1/498865
http://www.securityfocus.com/archive/1/498771
http://www.securityfocus.com/archive/1/498770
http://www.securityfocus.com/archive/1/498602
http://www.securityfocus.com/archive/1/498575
http://www.osvdb.org/49999
http://www.osvdb.org/49998
http://www.milw0rm.com/exploits/7109
http://secunia.com/advisories/32696
http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top