[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5522895F.7000209@gmail.com>
Date: Mon, 06 Apr 2015 15:25:51 +0200
From: Gsunde Orangen <gsunde.orangen@...il.com>
To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org,
bugtraq@...urityfocus.com
Subject: Re: [FD] [oss-security] Advisory: CVE-2014-9708: Appweb Web Server
Thanks, Matthew, for having spotted this.
As only current versions of Appweb (4 & 5) have been addressed so far,
but legacy versions (see http://embedthis.com/appweb/download.html) were
not mentioned yet in https://github.com/embedthis/appweb/issues/413 :
- Appweb V3: vulnerable, too
-- Source code audit on Appweb 3.4.2:
The vulnerable code is not in the parseRange() function in
paks/http/httpLib.c, but similarly in http/request.c
-- Verified as vulnerable using a device with Appweb 3.4.1
- Appweb V2: not vulnerable
-- Source code audit on Appweb 2.4.4:
V2 was writtein in C++ (not C), the Range parser is in request.cpp and
handles invalid ranges correctly
-- Verified as not vulnerable using a device with Appweb 2.3.1
Gsunde
On 2015-03-28, 03:40 Matthew Daley wrote:
> Affected software: Appweb Web Server
> CVE ID: CVE-2014-9708
>
> Description: An HTTP request with a Range header of the form "Range:
> x=," (ie. with an empty range value) will cause a null pointer
> dereference, leading to a remotely-triggerable DoS.
>
> Fixed versions: 4.6.6, 5.2.1
> Bug entry: https://github.com/embedthis/appweb/issues/413
> Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348
> Reported by: Matthew Daley
>
> - Matthew Daley
>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists