CVE-2017-16249

Name: CVE-2017-16249
Creator: NVD / NIST
Published: 2017-11-10T02:29:18.607+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 59.39%

Last modified Jun 17, 2026

CVE-2017-16249 is a vulnerability of currently unknown severity. The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. EPSS estimates a 59.39% chance of exploitation in the next 30 days.

Description

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

Metrics

EPSS Probability

59.39%

99.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Brother	Dcp-J132w Firmware	<= 1.20

References

http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.htmlExploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/43119/Exploit, Third Party Advisory, VDB Entry
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211Exploit, Third Party Advisory
https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033Third Party Advisory
http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.htmlExploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/43119/Exploit, Third Party Advisory, VDB Entry
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211Exploit, Third Party Advisory
https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033Third Party Advisory

Timeline

Published: Nov 10, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-16249?

How severe is CVE-2017-16249?

Severity scoring for CVE-2017-16249 is pending analysis. The EPSS model estimates a 59.39% probability of exploitation in the next 30 days.

How do I fix CVE-2017-16249?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-16249?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST