lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAD3CancpLUSbzSyPWH7M8oHUbph1LoN5HXsuAZcxty34ygQkiA@mail.gmail.com>
Date: Sat, 28 Mar 2015 15:40:18 +1300
From: Matthew Daley <mattd@...fuzz.com>
To: fulldisclosure@...lists.org, oss-security@...ts.openwall.com,
  bugtraq@...urityfocus.com
Subject: Advisory: CVE-2014-9708: Appweb Web Server

Affected software: Appweb Web Server
CVE ID: CVE-2014-9708

Description: An HTTP request with a Range header of the form "Range:
x=," (ie. with an empty range value) will cause a null pointer
dereference, leading to a remotely-triggerable DoS.

Fixed versions: 4.6.6, 5.2.1
Bug entry: https://github.com/embedthis/appweb/issues/413
Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
Reported by: Matthew Daley

- Matthew Daley

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ