{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25613", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:24:05.342Z", "datePublished": "2026-03-22T13:38:46.199Z", "dateUpdated": "2026-03-23T16:15:54.636Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:46.199Z"}, "datePublic": "2019-05-07T00:00:00.000Z", "title": "Easy Chat Server 3.1 Denial of Service via message Parameter", "descriptions": [{"lang": "en", "value": "Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Verification of Source of a Communication Channel", "cweId": "CWE-940", "type": "CWE"}]}], "affected": [{"vendor": "Echatserver", "product": "Easy Chat", "versions": [{"version": "3.1", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:echatserver:easy_chat_server:3.1:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46806", "name": "ExploitDB-46806", "tags": ["exploit"]}, {"url": "http://www.echatserver.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.echatserver.com/ecssetup.exe", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Easy Chat Server 3.1 Denial of Service via message Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter"}], "credits": [{"lang": "en", "value": "Miguel Mendez Z", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:15:41.803643Z", "id": "CVE-2019-25613", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:15:54.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Easy Chat Server 3.1 Denial of Service via message Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Miguel Mendez Z"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Echatserver", "product": "Easy Chat", "versions": [{"status": "affected", "version": "3.1"}]}], "datePublic": "2019-05-07T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46806", "name": "ExploitDB-46806", "tags": ["exploit"]}, {"url": "http://www.echatserver.com", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "http://www.echatserver.com/ecssetup.exe", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter", "name": "VulnCheck Advisory: Easy Chat Server 3.1 Denial of Service via message Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-940", "description": "Improper Verification of Source of a Communication Channel"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:echatserver:easy_chat_server:3.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:46.199Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25613", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:15:41.803643Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T16:15:49.974Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25613", "state": "PUBLISHED", "dateUpdated": "2026-03-22T13:38:46.199Z", "dateReserved": "2026-03-22T13:24:05.342Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:46.199Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:echatserver:easy_chat_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "20AF962E-DD61-4EB0-9D7C-B58970080AB4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash."}, {"lang": "es", "value": "Easy Chat Server 3.1 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes remotos bloquear la aplicaci\u00f3n enviando datos de tama\u00f1o excesivo en el par\u00e1metro message. Los atacantes pueden establecer una sesi\u00f3n a trav\u00e9s del endpoint chat.ghp y luego enviar una solicitud POST a body2.ghp con un valor del par\u00e1metro message excesivamente grande para causar el bloqueo del servicio."}], "id": "CVE-2019-25613", "lastModified": "2026-04-02T20:52:19.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:29.740", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "http://www.echatserver.com"}, {"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "http://www.echatserver.com/ecssetup.exe"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46806"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/easy-chat-server-denial-of-service-via-message-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-940"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Easy Chat", "source": "cna", "vendor": "Echatserver"}, "product": "easy_chat_server", "vendor": "echatserver"}], "analysis": {"en": {"generated_at": "2026-03-22T14:37:31.667093+00:00", "value": {"mitigation_remediation": ["Check for and apply any official patch or newer version of Easy Chat Server that corrects the input\u2011validation issue.", "If a patch is unavailable, configure the server to reject or truncate excessively large message parameters before they are processed by the application logic.", "Implement network\u2011level controls such as rate limiting or deep packet inspection to block oversized POST requests targeting the body2.ghp endpoint.", "Monitor application logs and performance metrics for unexpected crashes and ensure automated alerts are active.", "Review firewall or proxy rules to restrict maximum request size or reject requests that exceed a safe threshold.", "If external access to chat.ghp or body2.ghp is not required, consider disabling or limiting these endpoints from outside the trusted network."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Easy Chat Server version 3.1, distributed by the vendor Echatserver. Only this version and component are listed as affected; no other releases are known to be impacted.", "description_and_impact": "Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. By establishing a session via the chat.ghp endpoint and then sending a POST request to body2.ghp with an excessively large message payload, the service crashes, which results in an interruption of availability for users of the chat server. This disruption could be exploited to hinder legitimate users\u2019 access to real\u2011time communication.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high\u2011severity denial of service flaw. Though EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, the remote nature of the attack and lack of input validation keep the risk elevated. An attacker can exploit it by sending a large HTTP POST parameter to the body2.ghp endpoint from any network that can reach the server, leading to service crashes without affecting confidentiality or integrity."}}}}, "created": "2026-03-23T09:46:08.027306+00:00", "updated": "2026-03-25T14:46:03.048549+00:00", "vendors": ["echatserver", "echatserver$PRODUCT$easy_chat_server"]}