CVE-2014-9708

Exp

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

Published: 2015-03-31 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2014-9708 is rated High Exploit Risk (74.6/100): CVSS Medium severity, with high exploitation likelihood (EPSS 56.43%, 99th percentile). 3 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +51.11% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2014-9708

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2014-9708

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 5.32% 56.43% +51.11%
2 2026-06-14 4.51% 5.32% +0.81%
3 2026-03-04 4.51%

Full EPSS history (40 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-9708

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2014-9708

Affected software / configurations for CVE-2014-9708

Vendor Product Version Raw CPE
oracle enterprise_communications_broker <= 2.0.0 cpe:2.3:a:oracle:enterprise_communications_broker:*:*:*:*:*:*:*:*
embedthis appweb < 4.6.6 cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:*
embedthis appweb >= 5.0.0, < 5.2.1 cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d66:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d67:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d70:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d71:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d72:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d73:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d76:*:*:*:*:*:*
juniper junos 12.1x46 cpe:2.3:o:juniper:junos:12.1x46:d77:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d55:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d60:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d65:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d70:*:*:*:*:*:*
juniper junos 12.3x48 cpe:2.3:o:juniper:junos:12.3x48:d75:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:-:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d170:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d25:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*
juniper junos 15.1x49 cpe:2.3:o:juniper:junos:15.1x49:d90:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12-s3:*:*:*:*:*:*
juniper junos 12.3 cpe:2.3:o:juniper:junos:12.3:r12-s4:*:*:*:*:*:*

References for CVE-2014-9708

URL Tags
http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Apr/19 Mailing List Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/158 Exploit Mailing List Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2015/03/28/2 Mailing List Patch
http://www.openwall.com/lists/oss-security/2015/04/06/2 Mailing List Patch
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch Third Party Advisory
http://www.securityfocus.com/archive/1/535028/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/73407 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037007 Broken Link Third Party Advisory VDB Entry
https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348 Broken Link Patch
https://github.com/embedthis/appweb/issues/413 Broken Link Exploit Issue Tracking
https://security.paloaltonetworks.com/CVE-2014-9708 Third Party Advisory
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US Third Party Advisory
cvelogic Threat Intelligence