BugTraq
Back to list
|
Post reply
Advisory: CVE-2014-9708: Appweb Web Server
Mar 28 2015 02:40AM
Matthew Daley (mattd bugfuzz com)
Affected software: Appweb Web Server
CVE ID: CVE-2014-9708
Description: An HTTP request with a Range header of the form "Range:
x=," (ie. with an empty range value) will cause a null pointer
dereference, leading to a remotely-triggerable DoS.
Fixed versions: 4.6.6, 5.2.1
Bug entry: https://github.com/embedthis/appweb/issues/413
Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd695
9101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
Reported by: Matthew Daley
- Matthew Daley
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
CVE ID: CVE-2014-9708
Description: An HTTP request with a Range header of the form "Range:
x=," (ie. with an empty range value) will cause a null pointer
dereference, leading to a remotely-triggerable DoS.
Fixed versions: 4.6.6, 5.2.1
Bug entry: https://github.com/embedthis/appweb/issues/413
Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd695
9101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
Reported by: Matthew Daley
- Matthew Daley
[ reply ]