CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
Date published : 2015-03-31
http://www.securityfocus.com/bid/73407
http://www.securityfocus.com/archive/1/535028/100/0/threaded