CVE-2018-8065

EPSS 77.17%
Veröffentlicht 12.03.2018 04:29:00
Zuletzt bearbeitet 21.11.2024 04:13:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flexense ≫ Syncbreeze Version10.6.24 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	77.17%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html

https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS

Third Party Advisory

https://github.com/rapid7/metasploit-framework/pull/9701

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-8065

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-8065

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-8065

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-8065