Denial of Service Vulnerability in Embedthis Appweb Affected by Malformed Range Headers

CVE-2014-9708

What is CVE-2014-9708?

The Embedthis Appweb web server is susceptible to a denial of service attack due to a flaw in the handling of Range headers when the value is empty. An attacker can exploit this vulnerability by sending a specially crafted Range header, resulting in a NULL pointer dereference. This can destabilize the server, leading to service interruptions. The affected versions include all prior to 4.6.6 and the 5.x series before version 5.2.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References