Oxide WebServer 2.0.4 - Denial of Service

EDB-ID:

19986

CVE:





Platform:

Windows

Date:

2012-07-20


##############################################################################
#
# Title    : Oxide Webserver Remote Denial of Service Vulnerability
# Author   : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor   : http://sourceforge.net/projects/oxide/
# Advisory : http://secpod.org/blog/?p=516
#	   : http://secpod.org/advisories/SecPod_Oxide_WebServer_DoS_Vuln.txt
# Software : Oxide Webserver v2.0.4 and prior.
# Date     : 29/06/2012
#
###############################################################################

SecPod ID: 1043                                    24/01/2012 Issue Discovered
                                                   19/06/2012 Vendor Notified
	                                           No Response from vendor
                                                   18/07/2012 Advisory Released


Class: Denial of Service                           Severity: High


Overview:
---------
Oxide Webserver v2.0.4 is prone to a remote Denial of Service vulnerability
as it fails to handle crafted requests from the client properly.


Technical Description:
----------------------
The vulnerability is caused by an error in handling some crafted characters
in HTTP GET requests, which causes the server to crash.


Impact:
--------
Successful exploitation could allow an attacker to crash a vulnerable server.


Affected Software:
------------------
Oxide Webserver version 2.0.4 and prior.


Tested on,
Oxide Webserver version 2.0.4 on Windows XP SP3


References:
-----------
http://secpod.org/blog/?p=516
http://sourceforge.net/projects/oxide
http://sourceforge.net/projects/oxide-ws/files
http://secpod.org/advisories/SecPod_Oxide_WebServer_DoS_Vuln.txt


Proof of Concept:
----------------
http://www.example.com:80/?.
http://www.example.com:80/<.
http://www.example.com:80/$.
http://www.example.com:80/cc.


Solution:
----------
Not available


Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NONE
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = NONE
        AVAILABILITY_IMPACT    = COMPLETE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)


Credits:
--------
Antu Sanadi of SecPod Technologies has been credited with the discovery of this
vulnerability.