CVE-2018-8065

Опубликовано: 12 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.

Ссылки

http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html
https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS
Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/9701
Issue Tracking
Third Party Advisory
http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html
https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS
Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/9701
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flexense:syncbreeze:10.6.24:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 99%

0.77166

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-f79v-qgfc-86w3