CVE-2021-37253

Published: 05/12/2021 Updated: 11/04/2024
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

M-Files Web prior to 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application.

Vulnerable Product

m-files m-files web

Exploits

M-Files Web versions prior to 20.10.9524.1 and M-Files Web versions prior to 20.10.9445.0 contain an improper range header processing vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges (via HTTP requests with specially crafted Range or Request-Range headers) to cause the web application to compress ...

Mailing Lists

Full Disclosure mailing list archives: CVE-2021-37253: M-Files Web Improper Range Header Processing Denial of Services (DoS) Vulnerability