Pi3Web ISAPI DoS vulnerability
 
Discovered by: Hamid Ebadi
CSIRT Team Member
Amirkabir University CSIRT Laboratory (APALaboratory)
 
autcert@aut.ac.ir
 
 
Introduction
Pi3Web is a free, multithreaded, highlyconfigurable and extensible HTTP server and development environment for crossplatform internet server development and deployment. Pi3web is vulnerable to adenial of service (DoS) vulnerability whenever an invalid ISAPI module isrequested from server.
 
Vulnerableversion
Pi3Web<=2.0.13
 
Vulnerability
By requesting the following URL from pi3web theserver crashes:
http://WEB_SITE/isapi/users.txt
 
EnhPi3.exe -Bad Image
The application or DLL c:\Pi3Web\Isapi\users.txtis not a valid Windows image. Please check this against your installationdiskette The vulnerability is caused.
 
The crash is due to insufficient checks forincoming requests. Whenever a file in ISAPI directory, which is not a valid DLLis requested, the server tries to load it into memory as a DLL library and a crashhappens.
 
Workaround
Before an official patch is released, use one ofthe following workarounds to mitigate the problem:
 
1. Disable ISAPI mapping in server configuration inServer Admin > Mapping Tab.
2. Delete the users.txt, install.daf and readme.daf inISAPI folder. 
 
 
Credit
This vulnerability has been discovered by HamidEbadi from Amirkabir university CSIRT laboratory.
 
autcert@aut.ac.ir
https://www.ircert.cc