Denial of Service Vulnerability in Embedthis Appweb Affected by Malformed Range Headers
CVE-2014-9708

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 31 March 2015

Summary

The Embedthis Appweb web server is susceptible to a denial of service attack due to a flaw in how it handles a Range header whose value is empty. An attacker can exploit this vulnerability by sending a specially crafted Range header, which results in a NULL pointer dereference. This can destabilize the server, leading to service interruptions. The affected versions are all versions prior to 4.6.6 and 5.x versions before 5.2.1.
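A defensive parser for a Range value, added here as an example; it is not Appweb's code and does not come from the advisory. The names `byte_range`, `parse_num` and `parse_range` are hypothetical, and handling only a single range (multi-range values are rejected) is a simplification. It shows the empty value from the summary being rejected before any absent token is used.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: one "bytes=first-last" range; -1 marks an absent bound. */
typedef struct { long first; long last; } byte_range;

/* Parse a non-negative decimal at *p and advance past it.
 * Returns -1 when no digits are present, -2 on overflow. */
static long parse_num(const char **p) {
    char *end;
    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (errno == ERANGE) return -2;
    *p = end;
    return v;
}

/* Returns 0 and fills *out on success, -1 for any malformed value. Each step
 * that can yield "nothing" is checked before its result is used. */
int parse_range(const char *value, byte_range *out) {
    if (value == NULL || out == NULL) return -1;
    while (*value == ' ' || *value == '\t') value++;
    if (*value == '\0') return -1;              /* empty Range value */
    if (strncmp(value, "bytes=", 6) != 0) return -1;
    const char *p = value + 6;
    long first = parse_num(&p);
    if (first == -2 || *p != '-') return -1;    /* also rejects "bytes=" */
    p++;
    long last = parse_num(&p);
    if (last == -2 || *p != '\0') return -1;    /* trailing junk, multi-range */
    if (first == -1 && last == -1) return -1;   /* "bytes=-" */
    if (first != -1 && last != -1 && last < first) return -1;
    out->first = first; out->last = last;
    return 0;
}

int main(void) {
    /* Constructed sample header values, including the empty one. */
    const char *samples[] = { "", "bytes=", "bytes=0-499", "bytes=500-", "bytes=-200" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        byte_range r = { -1, -1 };
        int rc = parse_range(samples[i], &r);
        printf("\"%s\" -> rc=%d first=%ld last=%ld\n", samples[i], rc, r.first, r.last);
    }
    return 0;
}
```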
