cbcvebase.
CVE-2018-8065
published 2018-03-12

CVE-2018-8065: An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory…

PriorityP269high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
76.54%
99.5th percentile
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.

Affected

1 ranges
VendorProductVersion rangeFixed in
flexensesyncbreeze

Detection & IOCsextracted from sources · hover to see the quote

  • Detect DoS attempts by monitoring for a high volume of HTTP requests (recommended threshold: >1725 packets) with abnormally large Accept headers (4088–5090 bytes) sent to port 80 of Flexense HTTP Server.
  • Fingerprint/check requests can be identified by a bare 'GET / HTTP/1.0' with no headers, followed by inspection of the Server banner for 'Flexense HTTP Server v10.6.24'.
  • Alert on connections that are rapidly opened and closed (connect/disconnect loop) to port 80 with oversized Accept header values, as this is the core exploit delivery pattern.
  • Monitor syncbrs.exe for write access violations / crashes, as the vulnerability manifests as a user-mode write access violation in that process's memory region.
  • ·The exploit targets Flexense HTTP Server 10.6.24 and below; versions above 10.6.24 are reported as not vulnerable. The Metasploit module aborts if the server banner does not match 'Flexense HTTP Server v10.6.24'.
  • ·The packet count and packet size are tunable; the recommended minimum for reliable DoS is 1725 packets with Accept headers of 4088–5090 bytes. Detection thresholds should be calibrated accordingly.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.