RSS   Vulnerabilities for 'Appweb'   RSS

2018-08-17
 
CVE-2018-15505

CWE-476
 

 
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.

 
 
CVE-2018-15504

CWE-476
 

 
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.

 
2018-03-14
 
CVE-2018-8715

CWE-287
 

 
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

 
2015-03-31
 
CVE-2014-9708

CWE-Other
 

 
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

 

 >>> Vendor: Embedthis 3 Products
Goahead
Appweb
Goahead web server


Copyright 2018, cxsecurity.com

 

Back to Top