Date: Mon, 06 Apr 2015 15:25:51 +0200 From: Gsunde Orangen <gsunde.orangen@...il.com> To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: Re: Advisory: CVE-2014-9708: Appweb Web Server Thanks, Matthew, for having spotted this. As only current versions of Appweb (4 & 5) have been addressed so far, but legacy versions (see http://embedthis.com/appweb/download.html) were not mentioned yet in https://github.com/embedthis/appweb/issues/413 : - Appweb V3: vulnerable, too -- Source code audit on Appweb 3.4.2: The vulnerable code is not in the parseRange() function in paks/http/httpLib.c, but similarly in http/request.c -- Verified as vulnerable using a device with Appweb 3.4.1 - Appweb V2: not vulnerable -- Source code audit on Appweb 2.4.4: V2 was writtein in C++ (not C), the Range parser is in request.cpp and handles invalid ranges correctly -- Verified as not vulnerable using a device with Appweb 2.3.1 Gsunde On 2015-03-28, 03:40 Matthew Daley wrote: > Affected software: Appweb Web Server > CVE ID: CVE-2014-9708 > > Description: An HTTP request with a Range header of the form "Range: > x=," (ie. with an empty range value) will cause a null pointer > dereference, leading to a remotely-triggerable DoS. > > Fixed versions: 4.6.6, 5.2.1 > Bug entry: https://github.com/embedthis/appweb/issues/413 > Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348 > Reported by: Matthew Daley > > - Matthew Daley >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ