Vulnerability CVE-2017-16249


Published: 2017-11-09   Modified: 2017-11-10

Description:
The Debut embedded HTTP server contains a remotely exploitable denial-of-service vulnerability in which a single malformed HTTP POST request can cause the server to hang until it eventually replies (after ~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

See advisories in our WLB2 database:
Topic: Med. Debut Embedded httpd 1.20 Denial of Service
Author: z00n
Date: 06.11.2017

Type: CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software
Brother -> Dcp-j132w firmware 

 References:
http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html
https://www.exploit-db.com/exploits/43119/
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211
https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033
