CWE-284

NVD-CWE-noinfo

AND
     OR
          *cpe:2.3:o:brother:dcp-j132w_firmware:*:*:*:*:*:*:*:* versions up to (including) 1.20
     OR
          cpe:2.3:h:brother:dcp-j132w:-:*:*:*:*:*:*:*

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-284

http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html No Types Assigned

http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/43119/ No Types Assigned

https://www.exploit-db.com/exploits/43119/ Exploit, Third Party Advisory, VDB Entry

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211 No Types Assigned

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211 Exploit, Third Party Advisory

https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033 No Types Assigned

https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033 Third Party Advisory

The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.  NOTE: this might overlap CVE-2017-12568.

The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211 [No Types Assigned]

https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033 [No Types Assigned]