CVE-2018-25193
Denial of Service in Mongoose Web Server via Malformed Connections
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cesanta | mongoose_web_server | to 6.9 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25193 is a denial of service vulnerability in Mongoose Web Server version 6.9 and earlier. It allows remote attackers to crash the server by repeatedly establishing multiple socket connections to the default port and sending malformed data.

This behavior exhausts the server's resources, causing the service to become unavailable.

The vulnerability requires no privileges, user interaction, or authentication, and can be exploited remotely over the network. [1]
How can this vulnerability impact me?
The vulnerability can cause a denial of service condition by exhausting server resources.
This results in the Mongoose Web Server crashing and becoming unavailable, which can disrupt services relying on it.
Since the attack can be performed remotely without authentication, it poses a significant risk to availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for an unusually high number of socket connections to the Mongoose Web Server's default port (usually port 8080). Repeated connection attempts sending malformed data such as the payload "BOOM" can indicate an ongoing attack.

A practical detection method is to use network monitoring tools or commands to observe multiple simultaneous connections to the server's port 8080.

- Use netstat to check for many connections on port 8080: `netstat -an | grep ':8080' | grep ESTABLISHED`
- Use tcpdump or Wireshark to capture and analyze traffic on port 8080 for repeated malformed payloads.
- On Linux, use `sudo lsof -i :8080` to list open connections to the port. [2]
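The netstat check above only shows that connections exist; what a defender actually wants is the count per remote address, so that one peer holding many sockets to the Mongoose port stands out. The script below is an added example, not part of the CVE record or of the Mongoose project: it parses `netstat -an` style lines and reports peers above an assumed threshold (the sample lines and the threshold value are constructed for illustration).

```shell
#!/bin/sh
# Added example: report remote addresses holding more than LIMIT established
# connections to the Mongoose listen port. Input is netstat -an style output
# (proto recv send local foreign state) on stdin; output is "count address".
PORT="${PORT:-8080}"          # default Mongoose port named in the record
LIMIT="${LIMIT:-20}"          # assumed cut-off; tune for your deployment

# count_peers_over PORT LIMIT < netstat_lines
count_peers_over() {
  port="$1"; limit="$2"
  awk -v port="$port" -v limit="$limit" '
    # keep only ESTABLISHED sockets whose local side is the Mongoose port
    $NF == "ESTABLISHED" && $4 ~ (":" port "$") {
      peer = $5
      sub(/:[0-9]+$/, "", peer)   # strip the remote port, keep the address
      n[peer]++
    }
    END { for (p in n) if (n[p] > limit) printf "%d %s\n", n[p], p }
  ' | sort -rn
}

# Constructed sample: 192.0.2.10 holds three sockets to :8080, 198.51.100.7
# holds one, one line is for another port and one is not ESTABLISHED.
SAMPLE='tcp 0 0 10.0.0.5:8080 192.0.2.10:51234 ESTABLISHED
tcp 0 0 10.0.0.5:8080 192.0.2.10:51235 ESTABLISHED
tcp 0 0 10.0.0.5:8080 192.0.2.10:51236 ESTABLISHED
tcp 0 0 10.0.0.5:8080 198.51.100.7:40000 ESTABLISHED
tcp 0 0 10.0.0.5:22 192.0.2.10:51300 ESTABLISHED
tcp 0 0 10.0.0.5:8080 203.0.113.9:6000 TIME_WAIT'

# Live use: netstat -an | count_peers_over "$PORT" "$LIMIT"
# Sample run with a limit of 2 prints only: 3 192.0.2.10
printf '%s\n' "$SAMPLE" | count_peers_over "$PORT" 2
```

Run it from cron or a monitoring hook and feed any reported address into the rate-limiting or firewall response described in the mitigation answer.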
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting the number of simultaneous connections to the Mongoose Web Server's default port to prevent resource exhaustion.

Implement firewall rules or rate limiting to block or throttle repeated connection attempts from the same IP address.

If possible, update the Mongoose Web Server to a version later than 6.9 where this vulnerability is fixed.

Monitor server logs and network traffic for signs of attack and respond by blocking offending IPs. [1, 2]