The Pi3Web ISAPI interface suffers from a denial of service vulnerability that causes the server to crash. Versions 2.0.13 and below are affected.
28ae7b680667cd7af13babc98bd853018075234dc064ab260fbba2178f775bfe
Pi3Web ISAPI DoS vulnerability
Discovered by: Hamid Ebadi
CSIRT Team Member
Amirkabir University CSIRT Laboratory (APALaboratory)
autcert@aut.ac.ir
Introduction
Pi3Web is a free, multithreaded, highlyconfigurable and extensible HTTP server and development environment for crossplatform internet server development and deployment. Pi3web is vulnerable to adenial of service (DoS) vulnerability whenever an invalid ISAPI module isrequested from server.
Vulnerableversion
Pi3Web<=2.0.13
Vulnerability
By requesting the following URL from pi3web theserver crashes:
http://WEB_SITE/isapi/users.txt
EnhPi3.exe -Bad Image
The application or DLL c:\Pi3Web\Isapi\users.txtis not a valid Windows image. Please check this against your installationdiskette The vulnerability is caused.
The crash is due to insufficient checks forincoming requests. Whenever a file in ISAPI directory, which is not a valid DLLis requested, the server tries to load it into memory as a DLL library and a crashhappens.
Workaround
Before an official patch is released, use one ofthe following workarounds to mitigate the problem:
1. Disable ISAPI mapping in server configuration inServer Admin > Mapping Tab.
2. Delete the users.txt, install.daf and readme.daf inISAPI folder.
Credit
This vulnerability has been discovered by HamidEbadi from Amirkabir university CSIRT laboratory.
autcert@aut.ac.ir
https://www.ircert.cc