Easy Chat Server 3.1 Denial of Service Vulnerability (CVE-2019-25613)
Easy Chat Server 3.1 is vulnerable to a denial-of-service attack: after establishing a session, a remote attacker can crash the application by sending oversized data in the message parameter of a POST request to the body2.ghp endpoint, leading to service unavailability.
Easy Chat Server 3.1 is susceptible to a denial-of-service (DoS) vulnerability identified as CVE-2019-25613. This vulnerability allows an unauthenticated remote attacker to crash the application by sending an excessively large message parameter. The attack involves first establishing a session with the server via the chat.ghp endpoint. The attacker then sends a specially crafted POST request to the body2.ghp endpoint, including a message parameter containing oversized data. Successful…
Detection coverage 2
Detect POST Requests to body2.ghp with Large Message Parameter
medium: Detects POST requests to body2.ghp with a message parameter exceeding a defined threshold, indicating a potential denial-of-service attempt.
Detect Access to chat.ghp Followed by body2.ghp with Large Message
medium: Detects access to chat.ghp followed by a POST request to body2.ghp with an unusually large message, indicating a potential denial-of-service attack.
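The two detections listed above, sketched as an added example (not the platform's own rules): it flags POSTs to body2.ghp whose message field exceeds a threshold and records whether the same source requested chat.ghp shortly before. The 1024-byte threshold, the 300-second window and the event field names are assumptions, and the events are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the advisory): threshold, correlation window, and the
# field names of the proxy/WAF events (ts, src, method, url, body).
MAX_MESSAGE_BYTES = 1024
SESSION_WINDOW_SECONDS = 300

def message_length(body):
    """Byte length of the largest 'message' field in a urlencoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    return max((len(v.encode()) for v in fields.get("message", [])), default=0)

def detect(events):
    """Return alerts for oversized body2.ghp posts, noting a prior chat.ghp hit."""
    last_chat = {}  # source address -> time of its most recent chat.ghp request
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        path = urlsplit(ev["url"]).path.lower()
        if path.endswith("/chat.ghp"):
            last_chat[ev["src"]] = ev["ts"]
        elif path.endswith("/body2.ghp") and ev["method"].upper() == "POST":
            size = message_length(ev.get("body", ""))
            if size <= MAX_MESSAGE_BYTES:
                continue
            seen = last_chat.get(ev["src"])
            alerts.append({
                "src": ev["src"],
                "ts": ev["ts"],
                "message_bytes": size,
                # True matches the second rule (chat.ghp, then body2.ghp).
                "after_chat_ghp": seen is not None
                and ev["ts"] - seen <= SESSION_WINDOW_SECONDS,
            })
    return alerts

# Constructed sample events (documentation address ranges, epoch-style seconds).
SAMPLE_EVENTS = [
    {"ts": 0, "src": "198.51.100.7", "method": "GET", "url": "/chat.ghp"},
    {"ts": 5, "src": "198.51.100.7", "method": "POST", "url": "/body2.ghp",
     "body": "message=hello"},
    {"ts": 10, "src": "203.0.113.9", "method": "GET", "url": "/chat.ghp"},
    {"ts": 12, "src": "203.0.113.9", "method": "POST", "url": "/body2.ghp",
     "body": "message=" + "A" * 4000},
    {"ts": 20, "src": "192.0.2.44", "method": "POST", "url": "/body2.ghp",
     "body": "message=" + "B" * 2000},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Set the threshold from the largest message size seen in legitimate traffic for the deployment, since the advisory text does not state one.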