SB2015033104 - Denial of service in Palo Alto PAN-OS




Published: March 31, 2015
Updated: January 3, 2017

Security Bulletin ID SB2015033104
CSH Severity Medium
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Denial of service (CVE-ID: CVE-2014-9708)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness exists due to a NULL pointer dereference. By sending a specially crafted HTTP Range header value, attackers can crash the web service.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.

Remediation

Install the update from the vendor's website.