Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2017-5850

Description

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.

POC

Reference

- http://packetstormsecurity.com/files/140944/OpenBSD-HTTP-Server-6.0-Denial-Of-Service.html

- http://seclists.org/fulldisclosure/2017/Feb/15

- https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html

- https://www.exploit-db.com/exploits/41278/

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough