[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-5850Date: (C)2017-03-31   (M)2023-12-22


httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 7.8
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
SECTRACK-1037758
http://seclists.org/fulldisclosure/2017/Feb/15
EXPLOIT-DB-41278
BID-95997
http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2
http://www.openwall.com/lists/oss-security/2017/02/02/6
http://packetstormsecurity.com/files/140944/OpenBSD-HTTP-Server-6.0-Denial-Of-Service.html
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig
https://github.com/openbsd/src/commit/142cfc82b932bc211218fbd7bdda8c7ce83f19df
https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html

CWE    1
CWE-770

© SecPod Technologies