Date: Sat, 28 Mar 2015 15:40:18 +1300 From: Matthew Daley <mattd@...fuzz.com> To: fulldisclosure@...lists.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: Advisory: CVE-2014-9708: Appweb Web Server Affected software: Appweb Web Server CVE ID: CVE-2014-9708 Description: An HTTP request with a Range header of the form "Range: x=," (ie. with an empty range value) will cause a null pointer dereference, leading to a remotely-triggerable DoS. Fixed versions: 4.6.6, 5.2.1 Bug entry: https://github.com/embedthis/appweb/issues/413 Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348 Reported by: Matthew Daley - Matthew Daley
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.