HTTP: Flexense SyncBreeze Enterprise ParseHttpHeader Stack Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Flexense SyncBreeze Enterprise ParseHttpHeader. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of Flexense SyncBreeze Enterprise.

Extended Description

An unauthenticated SEH-based buffer overflow vulnerability exists in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. By sending a GET request of excessive length, a malicious user can overwrite the SEH record and execute a payload that runs under the Windows SYSTEM account.

Affected Products

Flexense syncbreeze

References

CVE: CVE-2017-17099

Short Name: HTTP:CTS:FLEXENSE-STCK-BO
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Buffer CVE-2017-17099 Enterprise Flexense Overflow ParseHttpHeader Stack SyncBreeze
Release Date: 03/20/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3761
False Positive: Unknown
Vendors

Flexense
