CVE-2014-9708

Publication date

2015-03-31 00:00:00

Family

mitre

State

PUBLISHED

Description

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".