CVE-2008-6938
Published: 2009-08-11
Priority: P4 · 26 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 26.48% (97.8th percentile)
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| holger_zimmermann | pi3web | <= 2.0.3_pl1 | — |
| holger_zimmermann | pi3web | — | — |
| holger_zimmermann | pi3web | — | — |
| holger_zimmermann | pi3web | — | — |
| holger_zimmermann | pi3web | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests targeting the /isapi/ or /Isapi/ directory for non-DLL files (e.g., .txt, .daf extensions), which trigger the DoS condition on Pi3Web 2.0.3.
- Monitor for HTTP GET requests to paths matching /isapi/*.txt or /isapi/*.daf as exploitation indicators against Pi3Web servers.
- A successful exploit may also leak the full server path in the response; monitor for path disclosure in HTTP error responses from Pi3Web.
- The vulnerability only applies when Pi3Web is installed on Windows as a desktop application AND without using the Pi3Web/Conf/Intenet.pi3 configuration file.
- Mitigation involves deleting the non-DLL files from the ISAPI folder (users.txt, install.daf, readme.daf) to remove the triggerable targets.
- Affected versions are Pi3Web 2.0.3 before PL2; the Metasploit module references versions 2.0.13 and earlier as vulnerable.
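The detection guidance above, written as a log filter. This is an added example, not code from this page or from any referenced project; it assumes Common Log Format lines from a proxy or sensor in front of the server, and it flags any non-DLL file under /isapi/ rather than only .txt and .daf. The log lines, addresses and `example.dll` are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def isapi_non_dll(target):
    """Return the file name if target is a non-DLL file under /isapi/, else None."""
    # Decode %xx, treat "\" like "/" and ignore case, as Windows file paths allow.
    path = unquote(urlsplit(target).path).replace("\\", "/").lower()
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if len(segments) < 2 or segments[0] != "isapi":
        return None
    # A legitimate ISAPI call may carry extra path info after the DLL name.
    if any(s.endswith(".dll") for s in segments[1:]):
        return None
    return segments[-1]

def scan(lines):
    """Return (client, method, file name) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m is None:
            continue
        name = isapi_non_dll(m.group("target"))
        if name is not None:
            hits.append((line.split()[0], m.group("method"), name))
    return hits

# Constructed sample log; addresses, timestamps and example.dll are made up,
# and the trailing status/size fields are placeholders that are not parsed.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Nov/2008:10:00:01 +0000] "GET /index.html HTTP/1.0" - -',
    '198.51.100.7 - - [13/Nov/2008:10:00:05 +0000] "GET /isapi/users.txt HTTP/1.0" - -',
    '198.51.100.7 - - [13/Nov/2008:10:00:09 +0000] "GET /Isapi%5Cinstall.daf HTTP/1.0" - -',
    '203.0.113.4 - - [13/Nov/2008:10:01:00 +0000] "GET /isapi/example.dll/info?a=1 HTTP/1.0" - -',
    '203.0.113.4 - - [13/Nov/2008:10:01:30 +0000] "GET /ISAPI/readme.daf?x=1 HTTP/1.1" - -',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT non-DLL ISAPI request:", *hit)
```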
No detection rules found.
Exploit-DB
Pi3Web 2.0.3 - 'ISAPI' Remote Denial of Service
exploitdb·2008-11-13
---
Pi3Web ISAPI DoS vulnerability
Discovered by: Hamid Ebadi
CSIRT Team Member
Amirkabir University CSIRT Laboratory (APA Laboratory)
[email protected]
Introduction
Pi3Web is a free, multithreaded, highly configurable and extensible HTTP server and development environment for cross-platform internet server development and deployment. Pi3Web is vulnerable to a denial of service (DoS) vulnerability whenever an invalid ISAPI module is requested from the server.
Vulnerable version
Pi3Web Mapping Tab.
2. Delete the users.txt, install.daf and readme.daf in ISAPI folder.
Credit
This vulnerability has been discovered by Hamid Ebadi from Amirkabir university CSIRT laboratory.
[email protected]
https://www.ircert.cc
# milw0rm.com [2008-11-13]
Metasploit
Pi3Web ISAPI DoS
metasploit
The Pi3Web HTTP server crashes when a request is made for an invalid DLL file in /isapi for versions 2.0.13 and earlier. By default, the non-DLLs in this directory after installation are users.txt, install.daf and readme.daf.
No writeups or analysis indexed.
- http://archives.neohapsis.com/archives/bugtraq/2008-11/0171.html
- http://secunia.com/advisories/32696
- http://www.osvdb.org/49998
- http://www.osvdb.org/49999
- http://www.securityfocus.com/archive/1/498575
- http://www.securityfocus.com/archive/1/498602
- http://www.securityfocus.com/archive/1/498770
- http://www.securityfocus.com/archive/1/498771
- http://www.securityfocus.com/archive/1/498865
- http://www.securityfocus.com/bid/32287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46600
- https://www.exploit-db.com/exploits/7109