CVE-2021-27565

Name of the Vulnerable Software and Affected Versions InterNiche NicheStack versions 4.0.1 and earlier

Description The web server in InterNiche NicheStack allows remote attackers to cause a denial of service, resulting in an infinite loop and networking outage, via an unexpected valid HTTP request, such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs loop() debugger hook.

Recommendations For InterNiche NicheStack versions 4.0.1 and earlier, consider disabling the wbs loop() function as a temporary workaround until a patch is available. Restrict access to the web server to minimize the risk of exploitation. Avoid using unexpected valid HTTP requests, such as OPTIONS, in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.