Vulnerability Details CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2015/Apr/19
- http://seclists.org/fulldisclosure/2015/Mar/158
- http://www.openwall.com/lists/oss-security/2015/03/28/2
- http://www.openwall.com/lists/oss-security/2015/04/06/2
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/archive/1/535028/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded
- http://www.securityfocus.com/bid/73407
- http://www.securitytracker.com/id/1037007
- https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
- https://github.com/embedthis/appweb/issues/413
- https://security.paloaltonetworks.com/CVE-2014-9708
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US
- http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2015/Apr/19
- http://seclists.org/fulldisclosure/2015/Mar/158
- http://www.openwall.com/lists/oss-security/2015/03/28/2
- http://www.openwall.com/lists/oss-security/2015/04/06/2
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/archive/1/535028/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded
- http://www.securityfocus.com/bid/73407
- http://www.securitytracker.com/id/1037007
- https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
- https://github.com/embedthis/appweb/issues/413
- https://security.paloaltonetworks.com/CVE-2014-9708
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US
Products affected by CVE-2014-9708
-
cpe:2.3:a:embedthis:appweb:4.0.0
-
cpe:2.3:a:embedthis:appweb:4.1.0
-
cpe:2.3:a:embedthis:appweb:4.2.0
-
cpe:2.3:a:embedthis:appweb:4.3.0
-
cpe:2.3:a:embedthis:appweb:4.3.1
-
cpe:2.3:a:embedthis:appweb:4.3.2
-
cpe:2.3:a:embedthis:appweb:4.3.3
-
cpe:2.3:a:embedthis:appweb:4.3.4
-
cpe:2.3:a:embedthis:appweb:4.3.5
-
cpe:2.3:a:embedthis:appweb:4.3.6
-
cpe:2.3:a:embedthis:appweb:4.4.0
-
cpe:2.3:a:embedthis:appweb:4.4.3
-
cpe:2.3:a:embedthis:appweb:4.4.4
-
cpe:2.3:a:embedthis:appweb:4.5.0
-
cpe:2.3:a:embedthis:appweb:4.5.1
-
cpe:2.3:a:embedthis:appweb:4.5.2
-
cpe:2.3:a:embedthis:appweb:4.5.3
-
cpe:2.3:a:embedthis:appweb:4.5.4
-
cpe:2.3:a:embedthis:appweb:4.5.5
-
cpe:2.3:a:embedthis:appweb:4.5.6
-
cpe:2.3:a:embedthis:appweb:4.6.0
-
cpe:2.3:a:embedthis:appweb:4.6.1
-
cpe:2.3:a:embedthis:appweb:4.6.2
-
cpe:2.3:a:embedthis:appweb:4.6.3
-
cpe:2.3:a:embedthis:appweb:4.6.4
-
cpe:2.3:a:embedthis:appweb:4.6.5
-
cpe:2.3:a:embedthis:appweb:5.0.0
-
cpe:2.3:a:embedthis:appweb:5.1.0
-
cpe:2.3:a:embedthis:appweb:5.2.0
-
cpe:2.3:a:oracle:enterprise_communications_broker:1.0.0
-
cpe:2.3:a:oracle:enterprise_communications_broker:2.0.0
-
cpe:2.3:h:juniper:ex2200-c:-
-
cpe:2.3:h:juniper:ex2200-vc:-
-
cpe:2.3:h:juniper:ex2200:-
-
cpe:2.3:h:juniper:ex2300-24mp:-
-
cpe:2.3:h:juniper:ex2300-24p:-
-
cpe:2.3:h:juniper:ex2300-24t:-
-
cpe:2.3:h:juniper:ex2300-48mp:-
-
cpe:2.3:h:juniper:ex2300-48p:-
-
cpe:2.3:h:juniper:ex2300-48t:-
-
cpe:2.3:h:juniper:ex2300-c:-
-
cpe:2.3:h:juniper:ex2300:-
-
cpe:2.3:h:juniper:ex2300m:-
-
cpe:2.3:h:juniper:ex3200:-
-
cpe:2.3:h:juniper:ex3300-vc:-
-
cpe:2.3:h:juniper:ex3300:-
-
cpe:2.3:h:juniper:ex3400:-
-
cpe:2.3:h:juniper:ex4200-vc:-
-
cpe:2.3:h:juniper:ex4200:-
-
cpe:2.3:h:juniper:ex4300-24p-s:-
-
cpe:2.3:h:juniper:ex4300-24p:-
-
cpe:2.3:h:juniper:ex4300-24t-s:-
-
cpe:2.3:h:juniper:ex4300-24t:-
-
cpe:2.3:h:juniper:ex4300-32f-dc:-
-
cpe:2.3:h:juniper:ex4300-32f-s:-
-
cpe:2.3:h:juniper:ex4300-32f:-
-
cpe:2.3:h:juniper:ex4300-48mp-s:-
-
cpe:2.3:h:juniper:ex4300-48mp:-
-
cpe:2.3:h:juniper:ex4300-48p-s:-
-
cpe:2.3:h:juniper:ex4300-48p:-
-
cpe:2.3:h:juniper:ex4300-48t-afi:-
-
cpe:2.3:h:juniper:ex4300-48t-dc-afi:-
-
cpe:2.3:h:juniper:ex4300-48t-dc:-
-
cpe:2.3:h:juniper:ex4300-48t-s:-
-
cpe:2.3:h:juniper:ex4300-48t:-
-
cpe:2.3:h:juniper:ex4300-48tafi:-
-
cpe:2.3:h:juniper:ex4300-48tdc-afi:-
-
cpe:2.3:h:juniper:ex4300-48tdc:-
-
cpe:2.3:h:juniper:ex4300-mp:-
-
cpe:2.3:h:juniper:ex4300-vc:-
-
cpe:2.3:h:juniper:ex4300:-
-
cpe:2.3:h:juniper:ex4300m:-
-
cpe:2.3:h:juniper:ex4400:-
-
cpe:2.3:h:juniper:ex4500-vc:-
-
cpe:2.3:h:juniper:ex4500:-
-
cpe:2.3:h:juniper:ex4550-vc:-
-
cpe:2.3:h:juniper:ex4550/vc:-
-
cpe:2.3:h:juniper:ex4550:-
-
cpe:2.3:h:juniper:ex4600-vc:-
-
cpe:2.3:h:juniper:ex4600:-
-
cpe:2.3:h:juniper:ex4650:-
-
cpe:2.3:h:juniper:ex6200:-
-
cpe:2.3:h:juniper:ex6210:-
-
cpe:2.3:h:juniper:ex8200-vc:-
-
cpe:2.3:h:juniper:ex8200:-
-
cpe:2.3:h:juniper:ex8208:-
-
cpe:2.3:h:juniper:ex8216:-
-
cpe:2.3:h:juniper:ex9200:-
-
cpe:2.3:h:juniper:ex9204:-
-
cpe:2.3:h:juniper:ex9208:-
-
cpe:2.3:h:juniper:ex9214:-
-
cpe:2.3:h:juniper:ex9250:-
-
cpe:2.3:h:juniper:ex9251:-
-
cpe:2.3:h:juniper:ex9253:-
-
cpe:2.3:h:juniper:mx10000:-
-
cpe:2.3:h:juniper:mx10003:-
-
cpe:2.3:h:juniper:mx10008:-
-
cpe:2.3:h:juniper:mx10016:-
-
cpe:2.3:h:juniper:mx104:-
-
cpe:2.3:h:juniper:mx10:-
-
cpe:2.3:h:juniper:mx150:-
-
cpe:2.3:h:juniper:mx2008:-
-
cpe:2.3:h:juniper:mx2010:-
-
cpe:2.3:h:juniper:mx2020:-
-
cpe:2.3:h:juniper:mx204:-
-
cpe:2.3:h:juniper:mx240:-
-
cpe:2.3:h:juniper:mx40:-
-
cpe:2.3:h:juniper:mx480:-
-
cpe:2.3:h:juniper:mx5:-
-
cpe:2.3:h:juniper:mx80:-
-
cpe:2.3:h:juniper:mx960:-
-
cpe:2.3:h:juniper:mx:-
-
cpe:2.3:h:juniper:ptx1000-72q:-
-
cpe:2.3:h:juniper:ptx10000:-
-
cpe:2.3:h:juniper:ptx10001-36mr:-
-
cpe:2.3:h:juniper:ptx100016:-
-
cpe:2.3:h:juniper:ptx10001:-
-
cpe:2.3:h:juniper:ptx10002-60c:-
-
cpe:2.3:h:juniper:ptx10002:-
-
cpe:2.3:h:juniper:ptx10003:-
-
cpe:2.3:h:juniper:ptx10003_160c:-
-
cpe:2.3:h:juniper:ptx10003_80c:-
-
cpe:2.3:h:juniper:ptx10003_81cd:-
-
cpe:2.3:h:juniper:ptx10004:-
-
cpe:2.3:h:juniper:ptx10008:-
-
cpe:2.3:h:juniper:ptx1000:-
-
cpe:2.3:h:juniper:ptx10016:-
-
cpe:2.3:h:juniper:ptx3000:-
-
cpe:2.3:h:juniper:ptx5000:-
-
cpe:2.3:h:juniper:qfx10000:-
-
cpe:2.3:h:juniper:srx100:-
-
cpe:2.3:h:juniper:srx110:-
-
cpe:2.3:h:juniper:srx1400:-
-
cpe:2.3:h:juniper:srx1500:-
-
cpe:2.3:h:juniper:srx210:-
-
cpe:2.3:h:juniper:srx220:-
-
cpe:2.3:h:juniper:srx240:-
-
cpe:2.3:h:juniper:srx240h2:-
-
cpe:2.3:h:juniper:srx240m:-
-
cpe:2.3:h:juniper:srx300:-
-
cpe:2.3:h:juniper:srx320:-
-
cpe:2.3:h:juniper:srx3400:-
-
cpe:2.3:h:juniper:srx340:-
-
cpe:2.3:h:juniper:srx345:-
-
cpe:2.3:h:juniper:srx3600:-
-
cpe:2.3:h:juniper:srx380:-
-
cpe:2.3:h:juniper:srx4000:-
-
cpe:2.3:h:juniper:srx4100:-
-
cpe:2.3:h:juniper:srx4200:-
-
cpe:2.3:h:juniper:srx4600:-
-
cpe:2.3:h:juniper:srx5000:-
-
cpe:2.3:h:juniper:srx5400:-
-
cpe:2.3:h:juniper:srx550:-
-
cpe:2.3:h:juniper:srx550_hm:-
-
cpe:2.3:h:juniper:srx550m:-
-
cpe:2.3:h:juniper:srx5600:-
-
cpe:2.3:h:juniper:srx5800:-
-
cpe:2.3:h:juniper:srx650:-
-
cpe:2.3:h:juniper:t1600:-
-
cpe:2.3:h:juniper:t320:-
-
cpe:2.3:h:juniper:t4000:-
-
cpe:2.3:h:juniper:t640:-
-
cpe:2.3:o:juniper:junos:12.1x46
-
cpe:2.3:o:juniper:junos:12.3
-
cpe:2.3:o:juniper:junos:12.3x48
-
cpe:2.3:o:juniper:junos:15.1
-
cpe:2.3:o:juniper:junos:15.1x49
-
cpe:2.3:o:juniper:junos:15.1x53
-
cpe:2.3:o:juniper:junos:16.1
-
cpe:2.3:o:juniper:junos:16.2
-
cpe:2.3:o:juniper:junos:17.1
-
cpe:2.3:o:juniper:junos:17.2
-
cpe:2.3:o:juniper:junos:17.3
-
cpe:2.3:o:juniper:junos:17.4
-
cpe:2.3:o:juniper:junos:18.1
-
cpe:2.3:o:juniper:junos:18.2
-
cpe:2.3:o:juniper:junos:18.3
-
cpe:2.3:o:juniper:junos:18.4