{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2014-9708","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-06T13:55:04.212Z","dateReserved":"2015-03-23T00:00:00.000Z","datePublished":"2015-03-31T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-06-13T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by \"Range: x=,\"."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"name":"1037007","tags":["vdb-entry"],"url":"http://www.securitytracker.com/id/1037007"},{"url":"https://github.com/embedthis/appweb/issues/413"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"url":"https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348"},{"url":"http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html"},{"name":"20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2015/Apr/19"},{"name":"20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://www.securityfocus.com/archive/1/535028/100/0/threaded"},{"name":"73407","tags":["vdb-entry"],"url":"http://www.securityfocus.com/bid/73407"},{"name":"20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2015/Mar/158"},{"name":"20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2015/Apr/19"},{"name":"20150327 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2015/Mar/158"},{"name":"[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2015/03/28/2"},{"name":"20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"},{"name":"[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2015/04/06/2"},{"url":"https://security.paloaltonetworks.com/CVE-2014-9708"},{"url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}],"datePublic":"2014-11-26T00:00:00.000Z"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T13:55:04.212Z"},"title":"CVE Program Container","references":[{"name":"1037007","tags":["vdb-entry","x_transferred"],"url":"http://www.securitytracker.com/id/1037007"},{"url":"https://github.com/embedthis/appweb/issues/413","tags":["x_transferred"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","tags":["x_transferred"]},{"url":"https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348","tags":["x_transferred"]},{"url":"http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html","tags":["x_transferred"]},{"name":"20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2015/Apr/19"},{"name":"20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://www.securityfocus.com/archive/1/535028/100/0/threaded"},{"name":"73407","tags":["vdb-entry","x_transferred"],"url":"http://www.securityfocus.com/bid/73407"},{"name":"20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2015/Mar/158"},{"name":"20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2015/Apr/19"},{"name":"20150327 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2015/Mar/158"},{"name":"[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2015/03/28/2"},{"name":"20150328 Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"},{"name":"[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2015/04/06/2"},{"url":"https://security.paloaltonetworks.com/CVE-2014-9708","tags":["x_transferred"]},{"url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US","tags":["x_transferred"]}]}]}}