EspoCRM Double Slash URI Handling Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in EspoCRM versions through 9.1.6. If a request URL containing double slashes reaches the application because the web server does not collapse them, the Slim router's cache becomes corrupted. The corrupted cache renders the application unusable until a complete rebuild is performed.

Impact

Exploitation of this vulnerability leads to a corrupted router cache, causing the EspoCRM instance to become unusable until it is rebuilt.

Reproduction

To reproduce this vulnerability, load EspoCRM in a web browser using a URL that contains double slashes. Ensure that the web server is configured to allow the double slashes to pass through without stripping them. This will cause the Slim router's cache to become corrupted.

Remediation

Users can upgrade to EspoCRM version 9.1.7, where this issue has been fixed. Alternatively, web server configurations can be adjusted to strip double slashes from URLs before they reach the application.
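As an added illustration (not EspoCRM's or any web server's own code), the following Python shows both halves of the mitigation described above: collapsing repeated slashes in a request path before it is handed to a router, and scanning web server access-log lines for requests whose path contains them. The log lines and IP addresses are constructed samples, and the log format assumed is the common combined format.

```python
import re

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Aug/2025:01:49:00 +0000] "GET /api/v1/App/user HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Aug/2025:01:49:02 +0000] "GET //api/v1/App/user HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [05/Aug/2025:01:49:05 +0000] "GET /client/index.html?x=a//b HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Matches the quoted request line: method, request target, protocol.
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Two or more consecutive slashes.
_MULTI_SLASH = re.compile(r"/{2,}")


def _split_target(target: str) -> tuple[str, str]:
    """Split a request target into (path, query-with-'?'). The query is left alone,
    since '//' inside a query string is harmless to path-based routing."""
    path, sep, query = target.partition("?")
    return path, sep + query


def has_double_slash(target: str) -> bool:
    """True when the *path* component contains consecutive slashes."""
    path, _ = _split_target(target)
    return _MULTI_SLASH.search(path) is not None


def normalize_path(target: str) -> str:
    """Collapse runs of '/' in the path component only; query string is untouched.
    A front controller can apply this before dispatching to the router."""
    path, query = _split_target(target)
    return _MULTI_SLASH.sub("/", path) + query


def find_double_slash_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, request_target) for each log line whose path has '//'.
    Useful for checking whether such requests are reaching the application at all."""
    hits = []
    for line in log_text.splitlines():
        match = _REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-request line
        target = match.group("target")
        if has_double_slash(target):
            hits.append((line.split(" ", 1)[0], target))
    return hits


if __name__ == "__main__":
    for ip, target in find_double_slash_requests(SAMPLE_LOG):
        print(f"{ip} requested {target!r}; normalized: {normalize_path(target)!r}")
```

If the scan returns any hits on a server that is supposed to collapse slashes, the web server configuration is not doing so and the application remains exposed until it is upgraded.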

Added: Aug 5, 2025, 1:49 AM
Updated: Aug 5, 2025, 1:49 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 5.5
remediation: 7.9
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.