M-Files Web Denial Of Service

Posted by deepcore on December 4, 2021 – 3:16 am

M-Files Web versions prior to 20.10.9524.1 and M-Files Web versions prior to 20.10.9445.0 contain an improper range header processing vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges (via HTTP requests with a specially-crafted Range or Request-Range headers) to cause the web application to compress each of the requested bytes, resulting in a crash due to excessive memory and CPU consumption and preventing users from accessing the system.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Backdoor.Win32.Vernet.axt Insecure Permissions Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

M-Files Web Denial Of Service

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL