'[oss-security] Advisory: CVE-2014-9708: Appweb Web Server'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Advisory: CVE-2014-9708: Appweb Web Server
From:       Matthew Daley <mattd () bugfuzz ! com>
Date:       2015-03-28 2:40:18
Message-ID: CAD3CancpLUSbzSyPWH7M8oHUbph1LoN5HXsuAZcxty34ygQkiA () mail ! gmail ! com
[Download RAW message or body]

Affected software: Appweb Web Server
CVE ID: CVE-2014-9708

Description: An HTTP request with a Range header of the form "Range:
x=," (ie. with an empty range value) will cause a null pointer
dereference, leading to a remotely-triggerable DoS.

Fixed versions: 4.6.6, 5.2.1
Bug entry: https://github.com/embedthis/appweb/issues/413
Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
 Reported by: Matthew Daley

- Matthew Daley

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic