CVE-2014-9708

Currently unrated

Key Information:

Vendor: Oracle
Status: Enterprise Communications Broker
Vendor: CVE Published:; 31 March 2015

Summary

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

References

http://www.securitytracker.com/id/1037007

vdb-entry

https://github.com/embedthis/appweb/issues/413

http://www.oracle.com/technetwork/security-advisory/cpuju...

Timeline

Vulnerability published
Mar 31, 2015
Vulnerability Reserved
Mar 23, 2015