CVE-2009-4657

Xerver 4.32 - Unauthenticated Administrator Access via Port 32123

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4657. PoCs published by Dr_IDE.

AI-analyzed exploit summary: This is a technical writeup detailing a remote denial of service (DoS) vulnerability in Xerver HTTP Server <= v4.32. The vulnerability is triggered by setting the HTTP server port to a non-numeric value via the web-based configuration interface, causing the server to crash.

Description

The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dr_IDE · text · dos · windows
https://www.exploit-db.com/exploits/9717


Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Xerver HTTP Server <= v4.32
No auth needed
Prerequisites: Remote Setup must be running on port 32123 · Access to the web-based configuration interface
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9717
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36454

Scores

EPSS 0.0215
EPSS Percentile 79.7%

Details

CWE: CWE-287
Status: published
Products (1): omidrouhani/xerver 4.32
Published: Mar 03, 2010
Tracked Since: Feb 18, 2026