Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
CVSS Score
5.0
EPSS Score
0.04
Published
2015-03-31
Page 6