CVE-2014-9708

Published: Mar 31, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

1037007

vdb-entry

https://github.com/embedthis/appweb/issues/413

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348

http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html

20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

20150328 Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

73407

vdb-entry

20150328 Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

20150327 Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

20150328 Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server

mailing-list

https://security.paloaltonetworks.com/CVE-2014-9708

https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9708

Description

Affected Products

References