NULL pointer dereference in Embedthis Appweb

CVE-2014-9708

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

EPSS: 0.045 (89.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

1037007 (Third Party Advisory, VDB Entry, vdb-entry, Broken Link)
cve@mitre.org (Exploit, Issue Tracking, Broken Link)
cve@mitre.org (Patch, Third Party Advisory)
cve@mitre.org (Patch, Broken Link)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory)
20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server (mailing-list, Mailing List, Third Party Advisory, VDB Entry)
20150328 Advisory: CVE-2014-9708: Appweb Web Server (mailing-list, Third Party Advisory, VDB Entry, Broken Link)
73407 (Third Party Advisory, VDB Entry, vdb-entry, Broken Link)
20150328 Advisory: CVE-2014-9708: Appweb Web Server (mailing-list, Exploit, Mailing List, Third Party Advisory, VDB Entry)
[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server (mailing-list, Patch, Mailing List)