exploitDog

GHSA-wp3v-g466-8g44

Опубликовано: 05 мая 2021

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Regular expression denial of service in Rapid7 Metasploit

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.

Ссылки

EPSS

Процентиль: 99%

0.87878

Высокий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-400

Связанные уязвимости

CVE-2019-5645

CVSS3: 7.5

nvd

больше 5 лет назад

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.

EPSS

Процентиль: 99%

0.87878

Высокий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-400