CVE-2004-2316
Description
Mbedthis AppWeb before 1.0.2 crashes on GET request with MS-DOS device name like COM1, enabling remote DoS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mbedthis AppWeb before 1.0.2 crashes on GET request with MS-DOS device name like COM1, enabling remote DoS.
Vulnerability
Mbedthis AppWeb HTTP Server before version 1.0.2 contains a vulnerability where a GET request with an MS-DOS device name (e.g., COM1) causes the server to crash. This issue affects all versions prior to 1.0.2 and requires no special configuration. [1]
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP GET request to the server with a path such as /COM1. No authentication or user interaction is required; only network access to the server is needed. The server will crash upon processing the request. [1]
Impact
Successful exploitation results in a denial of service (DoS), causing the server to crash and become unavailable until manually restarted. There is no impact on confidentiality or integrity, as no data is disclosed or modified. [1]
Mitigation
The vulnerability is fixed in AppWeb version 1.0.2. Users should upgrade to this version or later. No workarounds are documented in the referenced advisory. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <1.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.