M-Files Web versions prior to 20.10.9524.1 and M-Files Web versions prior to 20.10.9445.0 contain an improper range header processing vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges (via HTTP requests with a specially-crafted Range or Request-Range headers) to cause the web application to compress each of the requested bytes, resulting in a crash due to excessive memory and CPU consumption and preventing users from accessing the system.
156f6be8e8269992c6311ee1cad599e1338e7f7bf24b2810bb20c39727986b7c