|Oxide Webserver 2.0.4 is prone to a denial of service vulnerability
The information has been provided by Antu Sanadi.
* Oxide Webserver 2.0.4
Oxide Webserver v2.0.4 is prone to a remote Denial of Service vulnerability as it fails to handle crafted requests from the client properly.
The vulnerability is caused by an error in handling some crafted characters in HTTP GET requests, which causes the server to crash.
Successful exploitation could allow an attacker to crash a vulnerable server.
Proof of Concept:
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = LOW
AUTHENTICATION = NONE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = NONE
AVAILABILITY_IMPACT = COMPLETE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
blog comments powered by