CVE-2021-37253
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.04 Low
EPSS
Percentile
91.9%
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application
| CPE | Name | Operator | Version |
|---|---|---|---|
| m-files:m-files_web | m-files m-files web | lt | 20.10.9524.1 |
References
packetstormsecurity.com/files/165139/M-Files-Web-Denial-Of-Service.html
seclists.org/fulldisclosure/2021/Dec/1
vulmon.com/vulnerabilitydetails?qid=CVE-2021-37253
www.m-files.com/about/trust-center/security-advisories/cve-2021-37253-denial-of-service/
www.m-files.com/company/trust-center/vulnerability-disclosure/
www.tenable.com/cve/CVE-2021-37253
Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.04 Low
EPSS
Percentile
91.9%