PT-2015-4358 · Palo Alto Networks+2 · Pan-Os+2

Published: 2015-03-31 · Updated: 2023-06-22 · CVE-2014-9708

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Embedthis Appweb versions 4.6.6 and earlier, 5.x before 5.2.1
PAN-OS versions prior to 5.0.20
PAN-OS versions prior to 5.1.13
PAN-OS versions prior to 6.0.15
PAN-OS versions prior to 6.1.15
PAN-OS versions prior to 7.0.11
PAN-OS versions prior to 7.1.6

Description

The issue allows remote attackers to cause a denial of service via a Range header with an empty value, as demonstrated by "Range: x=,". This pre-authenticated denial-of-service attack could disrupt the web management interface.

Recommendations

For Embedthis Appweb versions 4.6.6 and earlier, update to version 4.6.6 or later.
For Embedthis Appweb 5.x before 5.2.1, update to version 5.2.1 or later.
For PAN-OS versions prior to 5.0.20, update to version 5.0.20 or later.
For PAN-OS versions prior to 5.1.13, update to version 5.1.13 or later.
For PAN-OS versions prior to 6.0.15, update to version 6.0.15 or later.
For PAN-OS versions prior to 6.1.15, update to version 6.1.15 or later.
For PAN-OS versions prior to 7.0.11, update to version 7.0.11 or later.
For PAN-OS versions prior to 7.1.6, update to version 7.1.6 or later.

As a temporary workaround, consider restricting access to the web management interface until a patch is available.
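
An added example, not code from this advisory or from either vendor: a strict Range header check that a filtering rule or log review in front of the management interface could apply, flagging the empty value from the description along with other malformed byte ranges. The function names, the strict policy (unknown units and empty list elements are rejected) and the sample header lines are assumptions constructed for illustration.

```python
import re

# Strict byte-range forms from RFC 7233: "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^(?:(\d+)-(\d*)|-(\d+))$")

def check_range(value):
    """Return None if a Range header value is well formed, else a reason string."""
    unit, sep, range_set = value.strip().partition("=")
    if not sep:
        return "missing '='"
    specs = [s.strip() for s in range_set.split(",")]
    if not any(specs):
        # Covers "x=," from the description as well as "bytes=" and "bytes=,".
        return "empty range set"
    if unit.strip().lower() != "bytes":
        return "unknown range unit %r" % unit.strip()
    for spec in specs:
        if not spec:
            return "empty range spec"
        m = _SPEC.match(spec)
        if not m:
            return "malformed range spec %r" % spec
        first, last = m.group(1), m.group(2)
        if first is not None and last and int(last) < int(first):
            return "last-byte-pos before first-byte-pos"
    return None

def flag_requests(lines):
    """Yield (line_no, reason) for header lines carrying a bad Range value."""
    for no, line in enumerate(lines, 1):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "range":
            reason = check_range(value)
            if reason:
                yield no, reason

# Constructed sample header lines, not captured traffic.
SAMPLE = [
    "Host: mgmt.example.test",
    "Range: bytes=0-499",
    "Range: bytes=500-999, -200",
    "Range: x=,",
    "Range: bytes=",
    "Range: bytes=9-2",
]

if __name__ == "__main__":
    for no, reason in flag_requests(SAMPLE):
        print(no, reason)
```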

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2014-9708

Affected Products

Appweb
Junos
Pan-Os