7.5
CVSSv3

CVE-2021-37253

Published: 05/12/2021 Updated: 31/03/2022
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

** DISPUTED ** M-Files Web prior to 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

m-files m-files web

Mailing Lists

M-Files Web versions prior to 201095241 and M-Files Web versions prior to 201094450 contain an improper range header processing vulnerability A remote unauthenticated attacker may send crafted requests with overlapping ranges (via HTTP requests with a specially-crafted Range or Request-Range headers) to cause the web application to compress ...
I SUMMARY ============================================================================================================================================================= Title: M-Files Web Improper Range Header Processing Denial of Services (DoS) Vulnerability Product: M-Files Web version before 201095241, M-Files Web version before 201094450 ...