Skip to main content

Enterprise Communications Broker CVE-2014-9708

MEDIUM
NULL Pointer Dereference (CWE-476)
2015-03-31 cve@mitre.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 31, 2015 - 14:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

AnalysisAI

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range:. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Affected products include: Oracle Enterprise Communications Broker, Embedthis Appweb, Juniper Junos. Version information: before 4.6.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2018-11237 HIGH POC
7.8 May 18

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier m

CVE-2021-23017 HIGH POC
7.7 Jun 01

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from t

CVE-2020-8203 HIGH POC
7.4 Jul 15

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Rated high severity (CVSS 7.4), this vul

CVE-2021-23337 HIGH POC
7.2 Feb 15

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Rated high severity (CVS

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2021-3711 CRITICAL
9.8 Aug 24

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri

CVE-2018-11236 CRITICAL
9.8 May 18

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arg

CVE-2018-6485 CRITICAL
9.8 Feb 01

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or

CVE-2021-29425 MEDIUM POC
4.8 Apr 13

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "/

CVE-2016-3515 HIGH
7.5 Jul 21

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications

CVE-2020-10725 HIGH
7.7 May 20

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhos

CVE-2020-11080 HIGH
7.5 Jun 03

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. Rated high se

Share

CVE-2014-9708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy