CVE-2017-17088

{"id": "CVE-2017-17088", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-12-19T15:29:00.400", "references": [{"url": "http://packetstormsecurity.com/files/145435/Sync-Breeze-10.2.12-Denial-Of-Service.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2017/Dec/45", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/43344/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service."}, {"lang": "es", "value": "La versi\u00f3n Enterprise de SyncBreez en versiones 10.2.12 y anteriores se ve afectada por una vulnerabilidad de denegaci\u00f3n de servicio remota. El servidor web no comprueba los l\u00edmites cuando lee peticiones de servidor en la cabecera del host al realizar una conexi\u00f3n, lo que resulta en un desbordamiento de b\u00fafer cl\u00e1sico que causa una denegaci\u00f3n de servicio."}], "lastModified": "2018-01-04T20:09:50.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexense:syncbreeze:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "884E0F5F-B14E-4E3D-8D84-6580BC606330", "versionEndIncluding": "10.2.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}