Vulnerability Details CVE-2018-8065
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.772
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html
- https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS
- https://github.com/rapid7/metasploit-framework/pull/9701
- http://packetstormsecurity.com/files/172676/Flexense-HTTP-Server-10.6.24-Buffer-Overflow-Denial-Of-Service.html
- https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS
- https://github.com/rapid7/metasploit-framework/pull/9701
Products affected by CVE-2018-8065
-
cpe:2.3:a:flexense:syncbreeze:10.6.24