CVE-2019-5645

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
References
Link Resource
https://github.com/rapid7/metasploit-framework/pull/12433 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*

Information

Published : 2020-09-01 03:15

Updated : 2020-09-08 05:31


NVD link : CVE-2019-5645

Mitre link : CVE-2019-5645

Products Affected
CWE