CVE-2018-8065

HIGH

Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-8065. PoCs published by Ege Balci, EgeBalci, Ege Balci <[email protected]>, including Metasploit module auxiliary/dos/http/flexense_http_server_dos.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow vulnerability in Flexense HTTP Server by sending multiple HTTP requests with long Accept headers, causing a denial of service (DoS). The exploit checks for the vulnerable server version and then floods it with malformed packets.

Description

An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.

Exploits (3)

exploitdb WORKING POC
by Ege Balci · rubyremotemultiple
https://www.exploit-db.com/exploits/51493

This Metasploit module exploits a buffer overflow vulnerability in Flexense HTTP Server by sending multiple HTTP requests with long Accept headers, causing a denial of service (DoS). The exploit checks for the vulnerable server version and then floods it with malformed packets.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Flexense HTTP Server <= 10.6.24
No auth needed
Prerequisites: Network access to the target server · Target running Flexense HTTP Server <= 10.6.24
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by EgeBalci · poc
https://github.com/EgeBalci/CVE-2018-8065

This repository contains a working proof-of-concept exploit for CVE-2018-8065, a denial-of-service vulnerability in Flexense HTTP Server <= 10.6.24. The exploit sends malformed HTTP requests with long header values to trigger a user-mode write access violation, crashing the server.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Flexense HTTP Server <= 10.6.24
No auth needed
Prerequisites: Network access to the target server · Flexense HTTP Server running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Ege Balci <[email protected]> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/flexense_http_server_dos.rb

This Metasploit module exploits a Denial of Service (DoS) vulnerability in Flexense HTTP Server by sending HTTP requests with long header values, causing a user mode write access memory violation.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Flexense HTTP Server v10.6.24 and below
No auth needed
Prerequisites: Network access to the target server · Target running vulnerable Flexense HTTP Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.7963
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
flexense/syncbreeze 10.6.24
Published Mar 12, 2018
Tracked Since Feb 18, 2026