Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit

Title: Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit
Advisory ID: ZSL-2016-5378
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 12.12.2016
Serva is a light (~3 MB), yet powerful Microsoft Windows application. It was conceived mainly as an Automated PXE Server Solution Accelerator. It bundles on a single exe all of the underlying server protocols and services required by the most complex PXE network boot/install scenarios simultaneously delivering Windows and non-Windows assets to BIOS and UEFI based targets.
The vulnerability is caused by the HTML (httpd) module and how it handles TCP requests. This can be exploited to cause a denial of service attack resulting in application crash.


(c1c.4bc): C++ EH exception - code e06d7363 (first chance)
(c1c.4bc): C++ EH exception - code e06d7363 (!!! second chance !!!)
*** WARNING: Unable to verify checksum for C:\Users\lqwrm\Desktop\Serva_Community_32_v3.0.0\Serva32.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\Users\lqwrm\Desktop\Serva_Community_32_v3.0.0\Serva32.exe
eax=03127510 ebx=03127670 ecx=00000003 edx=00000000 esi=03127670 edi=031276a0
eip=74a1c54f esp=03127510 ebp=03127560 iopl=0 nv up ei pl nz ac po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000212
74a1c54f c9 leave
0:013> kb
# ChildEBP RetAddr Args to Child
00 03127560 004abaaf e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x58
WARNING: Stack unwind information not available. Following frames may be wrong.
01 03127598 004cc909 031275b8 005e13e8 6ca23755 Serva32+0xabaaf
02 03127608 004085d3 0211ecf8 03127670 ffffffff Serva32+0xcc909
03 0312761c 004089a5 031276a0 fffffffd 00000004 Serva32+0x85d3
04 0312764c 00408f01 03127670 fffffffd 00000004 Serva32+0x89a5
05 03127698 00413b38 00000000 0040007a 00000000 Serva32+0x8f01
06 031277d8 00000000 00000000 00000000 00000000 Serva32+0x13b38


Patrick Masotta -
Affected Version (Community, Pro, 32/64bit)
Tested On
Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows 7 Ultimate SP1 (EN)
Vendor Status
[17.11.2016] Vulnerability discovered.
[17.11.2016] Contact with the vendor.
[18.11.2016] Vendor responds asking more details.
[21.11.2016] Sent details to the vendor.
[23.11.2016] Asked vendor for status update.
[11.12.2016] No response from the vendor.
[12.12.2016] Public security advisory released.
Vulnerability discovered by Gjoko Krstic - <>
[12.12.2016] - Initial release
[13.12.2016] - Added reference [1] and [2]
[16.12.2016] - Added reference [3], [4] and [5]
Zero Science Lab