Description
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
Published: 2026-03-22
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. By establishing a session via the chat.ghp endpoint and then sending a POST request to body2.ghp with an excessively large message payload, the service crashes, which results in an interruption of availability for users of the chat server. This disruption could be exploited to hinder legitimate users’ access to real‑time communication.

Affected Systems

The vulnerability affects Easy Chat Server version 3.1, distributed by the vendor Echatserver. Only this version and component are listed as affected; no other releases are known to be impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates a high‑severity denial of service flaw. Though EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, the remote nature of the attack and lack of input validation keep the risk elevated. An attacker can exploit it by sending a large HTTP POST parameter to the body2.ghp endpoint from any network that can reach the server, leading to service crashes without affecting confidentiality or integrity.

Generated by OpenCVE AI on March 22, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any official patch or newer version of Easy Chat Server that corrects the input‑validation issue.
  • If a patch is unavailable, configure the server to reject or truncate excessively large message parameters before they are processed by the application logic.
  • Implement network‑level controls such as rate limiting or deep packet inspection to block oversized POST requests targeting the body2.ghp endpoint.
  • Monitor application logs and performance metrics for unexpected crashes and ensure automated alerts are active.
  • Review firewall or proxy rules to restrict maximum request size or reject requests that exceed a safe threshold.
  • If external access to chat.ghp or body2.ghp is not required, consider disabling or limiting these endpoints from outside the trusted network.

Generated by OpenCVE AI on March 22, 2026 at 14:37 UTC.
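
The size check from the recommended actions, as an added example that is not part of the OpenCVE record or the vendor's code: a Python function a filtering proxy in front of the server could call on each raw request before forwarding it. The limits, the name `screen_request` and the sample requests are assumptions; the advisory states no safe size.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed limits: the advisory gives no safe size, so tune these to real chat traffic.
MAX_BODY_BYTES = 4096
MAX_MESSAGE_CHARS = 1024
GUARDED_PATH = "/body2.ghp"  # endpoint named in the advisory


def screen_request(raw: bytes) -> tuple[int, str]:
    """Return (status, reason): 200 means forward to the chat server, else reject."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400, "incomplete header block"
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return 400, "malformed request line"
    # Case-insensitive path match is an assumption about how the server routes.
    if method != "POST" or urlsplit(target).path.lower() != GUARDED_PATH:
        return 200, "not a guarded request"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    declared = headers.get("content-length", "")
    # Fail closed: without a valid length the body size cannot be bounded up front.
    if not (declared.isascii() and declared.isdigit()):
        return 411, "missing or invalid Content-Length"
    if int(declared) > MAX_BODY_BYTES or len(body) > MAX_BODY_BYTES:
        return 413, "request body exceeds limit"
    if len(body) != int(declared):
        return 400, "body length does not match Content-Length"

    # Measure the decoded value; percent-encoding inflates the raw size up to 3x.
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for value in form.get("message", []):
        if len(value) > MAX_MESSAGE_CHARS:
            return 413, "message parameter exceeds limit"
    return 200, "ok"


# Constructed sample requests (not captured traffic).
def _post(path: str, body: bytes) -> bytes:
    return (f"POST {path} HTTP/1.1\r\nHost: chat.example\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body
NORMAL = _post("/body2.ghp", b"message=hello+world")
OVERSIZED_BODY = _post("/body2.ghp", b"message=" + b"A" * 8000)
LONG_MESSAGE = _post("/body2.ghp", b"pad=1&message=" + b"B" * 2000)
OTHER_PATH = _post("/other.ghp", b"a=1")
```

Requests without a usable Content-Length are rejected rather than forwarded, so a chunked upload cannot bypass the size limit.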

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Values Added:

  Metrics:
    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 22 Mar 2026 13:45:00 +0000

Values Added:

  Description: Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
  Title: Easy Chat Server 3.1 Denial of Service via message Parameter
  First Time appeared: Echatserver; Echatserver easy Chat Server
  Weaknesses: CWE-940
  CPEs: cpe:2.3:a:echatserver:easy_chat_server:3.1:*:*:*:*:*:*:*
  Vendors & Products: Echatserver; Echatserver easy Chat Server
  References
  Metrics:
    cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
    cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:15:54.636Z

Reserved: 2026-03-22T13:24:05.342Z

Link: CVE-2019-25613

Vulnrichment

Updated: 2026-03-23T16:15:49.974Z

NVD

Status: Analyzed

Published: 2026-03-22T14:16:29.740

Modified: 2026-04-02T20:52:19.313

Link: CVE-2019-25613

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:46:03Z
