[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Advisory: CVE-2014-9708: Appweb Web Server

To: fulldisclosure@xxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [FD] Advisory: CVE-2014-9708: Appweb Web Server
From: Matthew Daley <mattd@xxxxxxxxxxx>
Date: Sat, 28 Mar 2015 15:40:18 +1300

Affected software: Appweb Web Server
CVE ID: CVE-2014-9708

Description: An HTTP request with a Range header of the form "Range:
x=," (ie. with an empty range value) will cause a null pointer
dereference, leading to a remotely-triggerable DoS.

Fixed versions: 4.6.6, 5.2.1
Bug entry: https://github.com/embedthis/appweb/issues/413
Fix: 
https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
Reported by: Matthew Daley

- Matthew Daley

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1
Next by Date: [FD] [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow
Previous by thread: [FD] Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1
Next by thread: [FD] [CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow
Index(es):
- Date
- Thread