| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| Embedthis Software Appweb Denial of Service Vulnerability | 1 Apr 201500:00 | – | cnvd | |
| CVE-2014-9708 | 31 Mar 201500:00 | – | cve | |
| CVE-2014-9708 | 31 Mar 201500:00 | – | cvelist | |
| EUVD-2014-9515 | 7 Oct 202500:30 | – | euvd | |
| CVE-2014-9708 | 31 Mar 201514:59 | – | nvd | |
| Palo Alto PAN-OS DoS Vulnerability (PAN-SA-2016-0027) | 6 Jan 201700:00 | – | openvas | |
| Embedthis Appweb Web Server Remote Denial of Service Vulnerability | 1 Apr 201500:00 | – | openvas | |
| Oracle Critical Patch Update - July 2016 | 19 Jul 201600:00 | – | oracle | |
| Web interface denial of service | 11 Oct 201619:00 | – | paloalto | |
| Web interface denial of service | 11 Oct 201619:00 | – | paloalto |
| Source | Link |
|---|---|
| securityadvisories | www.securityadvisories.paloaltonetworks.com/Home/Detail/60 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(96314);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/06");
script_cve_id("CVE-2014-9708");
script_bugtraq_id(73407);
script_name(english:"Palo Alto Networks PAN-OS Management Interface Remote DoS (PAN-SA-2016-0027)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"The Palo Alto Networks PAN-OS running on the remote host is affected
by a NULL pointer dereference flaw in the web management interface,
specifically in the parseRange() function within file rx.c, when
handling HTTP requests involving a Range header with an empty value.
An unauthenticated, remote attacker can exploit this, via a specially
crafted request, to cause the Appweb process for the management
interface to terminate, resulting in a denial of service condition.
Note that PAN-OS is reportedly affected by other vulnerabilities as
well; however, Nessus has not tested for these.");
script_set_attribute(attribute:"see_also", value:"https://securityadvisories.paloaltonetworks.com/Home/Detail/60");
script_set_attribute(attribute:"solution", value:
"Upgrade to Palo Alto Networks PAN-OS version 5.0.20 / 5.1.13 /
6.0.15 / 6.1.15 / 7.0.11 / 7.1.6 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9708");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/31");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
script_end_attributes();
script_category(ACT_DENIAL);
script_family(english:"Denial of Service");
script_copyright(english:"This script is Copyright (C) 2017-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("palo_alto_webui_detect.nbin");
script_require_keys("www/palo_alto_panos", "Settings/ParanoidReport");
script_require_ports("Services/www", 443);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
# Use lack of response to flag vulnerability is not so reliable
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# Make sure PAN-OS is detected
get_kb_item_or_exit("www/palo_alto_panos");
port = get_http_port(default:443, embedded:TRUE);
# Skip non-https port
if(get_port_transport(port) == ENCAPS_IP)
{
exit(0, "Skip testing non-https port " + port + ".");
}
res = http_send_recv3(
method:"GET",
item: '/',
port:port,
add_headers: make_array('Range', 'x=,'),
exit_on_fail: FALSE
);
req = http_last_sent_request();
# Patched
if(res[0] =~ "^HTTP/[0-9.]+ 416")
{
audit(AUDIT_LISTEN_NOT_VULN, "web server", port);
}
# Vulnerable
# appweb terminates and restarts
else if(! res # seen in 6.1.x
|| res[0] =~ "^HTTP/[0-9.]+ 502") # seen in 7.x
{
security_report_v4(
port : port,
severity : SECURITY_WARNING,
request : make_list(req),
generic : TRUE
);
}
# Unexpected response status
else
{
audit(AUDIT_RESP_BAD, port, 'an HTTP request. Response status:\n' + res[0]);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation