CVE-2017-5850

Published: 27/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

httpd in OpenBSD allows remote malicious users to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.

Vulnerable Product

openbsd openbsd 6.0

Exploits

## Advisory Information
Title: Remote DoS against OpenBSD http server (up to 6.0)
Advisory URL: pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt
Blog URL: pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Date published: 2017-02-07
Vendors contacted: OpenBSD
Release mode: Released
CVE: CVE-2017-5850
## ...

OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability ...

Recent Articles

Got an OpenBSD Web server? Better patch it
The Register • Richard Chirgwin • 07 Feb 2017

DoS-able bugs splatted

OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers. The first is in the operating system's SSL implementation, specifically in the HTTP daemon. An advisory says that daemon can be crashed with repeated SSL renegotiation. A single renegotiation thread, the post claims, can soak up 70 per cent of CPU cycles, meaning if the attacker fires multiple renegotiation threads at the target, the daemon will crash, and “there is no ...