Denial of service in Palo Alto PAN-OS and Oracle Enterprise Communications Broker - CVE-2014-9708
Published: October 13, 2016 / Updated: January 3, 2017
Vulnerability identifier: #VU945
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-9708
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Palo Alto Networks, Inc.
Oracle
Affected software:
Palo Alto PAN-OS
Oracle Enterprise Communications Broker
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness exists due to a NULL pointer dereference. By sending a specially crafted HTTP Range header value, an attacker can crash the web service.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
How to mitigate CVE-2014-9708
Update to version 5.1.13 or later.