Search criteria
14 vulnerabilities found for appweb by embedthis
VAR-201808-0470
Vulnerability from variot - Updated: 2024-11-23 21:08An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Embedthis GoAhead and Appweb for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Embedthis GoAhead and Appweb are both products of Embedthis Software in the United States. Embedthis GoAhead is an embedded Web server. Appweb is a fast and small web server, which is mainly used for embedded applications, devices and web services, and supports security defense strategies, digest authentication, virtual hosts, etc. Embedthis GoAhead versions prior to 4.0.1 and Appweb versions prior to 7.0.2 have a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0470",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1x53"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "18.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "18.3"
},
{
"model": "goahead",
"scope": "lt",
"trust": 1.0,
"vendor": "embedthis",
"version": "4.0.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "appweb",
"scope": "lt",
"trust": 1.0,
"vendor": "embedthis",
"version": "7.0.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1x49"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "16.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "18.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.3x48"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "18.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "16.1"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.8,
"vendor": "embedthis",
"version": "4.0.1"
},
{
"model": "appweb",
"scope": null,
"trust": 0.8,
"vendor": "embedthis",
"version": null
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.4"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.5"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.3"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.1"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "4.6.5"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "5.2.0"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "5.1.0"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "5.0.0"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.0.0"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"cve": "CVE-2018-15504",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-15504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-125770",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15504",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-15504",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15504",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-15504",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-526",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125770",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125770"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Embedthis GoAhead and Appweb for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Embedthis GoAhead and Appweb are both products of Embedthis Software in the United States. Embedthis GoAhead is an embedded Web server. Appweb is a fast and small web server, which is mainly used for embedded applications, devices and web services, and supports security defense strategies, digest authentication, virtual hosts, etc. Embedthis GoAhead versions prior to 4.0.1 and Appweb versions prior to 7.0.2 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15504"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "VULHUB",
"id": "VHN-125770"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15504",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU92569237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526",
"trust": 0.7
},
{
"db": "JUNIPER",
"id": "JSA10948",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2562",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-125770",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125770"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"id": "VAR-201808-0470",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125770"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:08:37.453000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NULL\u00a0dereference\u00a0for\u00a0invalid\u00a0Host\u00a0and\u00a0If-Modified-*\u00a0headers\u00a0#605 GitHub",
"trust": 0.8,
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"title": "Embedthis GoAhead and Appweb Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=84129"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125770"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"trust": 1.7,
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"trust": 1.7,
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"trust": 1.6,
"url": "https://supportportal.juniper.net/s/article/2019-07-security-bulletin-junos-os-j-web-denial-of-service-due-to-multiple-vulnerabilities-in-embedthis-appweb-server"
},
{
"trust": 1.6,
"url": "https://supportportal.juniper.net/s/article/2021-07-security-bulletin-junos-os-multiple-j-web-vulnerabilities-resolved"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92569237/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15504"
},
{
"trust": 0.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10948"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/embedthis-goahead-appweb-null-pointer-dereference-via-http-request-29746"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2562/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125770"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125770"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-125770"
},
{
"date": "2018-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"date": "2018-08-18T03:29:00.237000",
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-125770"
},
{
"date": "2023-05-11T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2018-009304"
},
{
"date": "2023-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-526"
},
{
"date": "2024-11-21T03:50:57.413000",
"db": "NVD",
"id": "CVE-2018-15504"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedthis\u00a0GoAhead\u00a0 and \u00a0Appweb\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-526"
}
],
"trust": 0.6
}
}
VAR-201808-0471
Vulnerability from variot - Updated: 2024-11-23 20:32An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. Embedthis GoAhead and Appweb for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Embedthis GoAhead and Appweb are both products of Embedthis Software in the United States. Embedthis GoAhead is an embedded Web server. Appweb is a fast and small web server, which is mainly used for embedded applications, devices and web services, and supports security defense strategies, digest authentication, virtual hosts, etc. There are security vulnerabilities in Embedthis GoAhead versions prior to 4.0. and Appweb versions prior to 7.0.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0471",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1x49"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1x53"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "16.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1"
},
{
"model": "goahead",
"scope": "lt",
"trust": 1.0,
"vendor": "embedthis",
"version": "4.0.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "appweb",
"scope": "lt",
"trust": 1.0,
"vendor": "embedthis",
"version": "7.0.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.3x48"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "17.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "18.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "16.1"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.8,
"vendor": "embedthis",
"version": "4.0.1"
},
{
"model": "appweb",
"scope": null,
"trust": 0.8,
"vendor": "embedthis",
"version": null
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.4"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.6"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.5"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.3"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.1"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "4.6.5"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "5.2.0"
},
{
"model": "appweb",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "5.1.0"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.0.0"
},
{
"model": "goahead",
"scope": "eq",
"trust": 0.6,
"vendor": "embedthis",
"version": "3.3.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"cve": "CVE-2018-15505",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-15505",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-125771",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15505",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-15505",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15505",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-15505",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-525",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125771",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing \u0027]\u0027 character in an IPv6 address. Embedthis GoAhead and Appweb for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Embedthis GoAhead and Appweb are both products of Embedthis Software in the United States. Embedthis GoAhead is an embedded Web server. Appweb is a fast and small web server, which is mainly used for embedded applications, devices and web services, and supports security defense strategies, digest authentication, virtual hosts, etc. There are security vulnerabilities in Embedthis GoAhead versions prior to 4.0. and Appweb versions prior to 7.0.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15505"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "VULHUB",
"id": "VHN-125771"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15505",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU92569237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525",
"trust": 0.7
},
{
"db": "JUNIPER",
"id": "JSA10948",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2562",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-125771",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"id": "VAR-201808-0471",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125771"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:32:59.811000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NULL\u00a0dereference\u00a0for\u00a0invalid\u00a0Host\u00a0and\u00a0If-Modified-*\u00a0headers\u00a0#605 GitHub",
"trust": 0.8,
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"title": "Embedthis GoAhead and Appweb Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=84128"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"trust": 1.7,
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"trust": 1.7,
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"trust": 1.6,
"url": "https://supportportal.juniper.net/s/article/2021-07-security-bulletin-junos-os-multiple-j-web-vulnerabilities-resolved?language=en_us"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92569237/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15505"
},
{
"trust": 0.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10948"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/embedthis-goahead-appweb-null-pointer-dereference-via-host-header-29747"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2562/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-125771"
},
{
"date": "2018-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"date": "2018-08-18T03:29:00.457000",
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-125771"
},
{
"date": "2023-05-11T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2018-009303"
},
{
"date": "2023-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-525"
},
{
"date": "2024-11-21T03:50:57.637000",
"db": "NVD",
"id": "CVE-2018-15505"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedthis\u00a0GoAhead\u00a0 and \u00a0Appweb\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-525"
}
],
"trust": 0.6
}
}
CVE-2021-33254 (GCVE-0-2021-33254)
Vulnerability from nvd – Published: 2022-06-01 14:31 – Updated: 2024-08-03 23:42
VLAI?
Summary
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T14:31:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html",
"refsource": "MISC",
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33254",
"datePublished": "2022-06-01T14:31:57",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15689 (GCVE-0-2020-15689)
Vulnerability from nvd – Published: 2020-07-13 13:48 – Updated: 2024-08-04 13:22
VLAI?
Summary
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/embedthis/appweb-gpl/issues/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-19T23:44:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/embedthis/appweb-gpl/issues/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/appweb-gpl/issues/2",
"refsource": "CONFIRM",
"url": "https://github.com/embedthis/appweb-gpl/issues/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15689",
"datePublished": "2020-07-13T13:48:39",
"dateReserved": "2020-07-13T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15505 (GCVE-0-2018-15505)
Vulnerability from nvd – Published: 2018-08-18 00:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing \u0027]\u0027 character in an IPv6 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15505",
"datePublished": "2018-08-18T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15504 (GCVE-0-2018-15504)
Vulnerability from nvd – Published: 2018-08-18 00:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15504",
"datePublished": "2018-08-18T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8715 (GCVE-0-2018-8715)
Vulnerability from nvd – Published: 2018-03-14 20:00 – Updated: 2024-08-05 07:02
VLAI?
Summary
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-8715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/appweb/issues/610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-8715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/appweb/issues/610",
"refsource": "MISC",
"url": "https://github.com/embedthis/appweb/issues/610"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3676",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3676"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2018-8715",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2018-8715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8715",
"datePublished": "2018-03-14T20:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9708 (GCVE-0-2014-9708)
Vulnerability from nvd – Published: 2015-03-31 00:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037007",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037007"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/413"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html"
},
{
"name": "20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535028/100/0/threaded"
},
{
"name": "73407",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73407"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150327 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/2"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"
},
{
"name": "[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2014-9708"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by \"Range: x=,\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1037007",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037007"
},
{
"url": "https://github.com/embedthis/appweb/issues/413"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348"
},
{
"url": "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html"
},
{
"name": "20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/535028/100/0/threaded"
},
{
"name": "73407",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/73407"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150327 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/2"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"
},
{
"name": "[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/2"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2014-9708"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9708",
"datePublished": "2015-03-31T00:00:00",
"dateReserved": "2015-03-23T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33254 (GCVE-0-2021-33254)
Vulnerability from cvelistv5 – Published: 2022-06-01 14:31 – Updated: 2024-08-03 23:42
VLAI?
Summary
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T14:31:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html",
"refsource": "MISC",
"url": "https://awxylitol.github.io/2021/05/09/embedthis-appweb-npd-bug.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33254",
"datePublished": "2022-06-01T14:31:57",
"dateReserved": "2021-05-20T00:00:00",
"dateUpdated": "2024-08-03T23:42:20.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15689 (GCVE-0-2020-15689)
Vulnerability from cvelistv5 – Published: 2020-07-13 13:48 – Updated: 2024-08-04 13:22
VLAI?
Summary
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/embedthis/appweb-gpl/issues/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-19T23:44:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/embedthis/appweb-gpl/issues/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/appweb-gpl/issues/2",
"refsource": "CONFIRM",
"url": "https://github.com/embedthis/appweb-gpl/issues/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15689",
"datePublished": "2020-07-13T13:48:39",
"dateReserved": "2020-07-13T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15505 (GCVE-0-2018-15505)
Vulnerability from cvelistv5 – Published: 2018-08-18 00:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing \u0027]\u0027 character in an IPv6 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15505",
"datePublished": "2018-08-18T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15504 (GCVE-0-2018-15504)
Vulnerability from cvelistv5 – Published: 2018-08-18 00:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef"
},
{
"url": "https://github.com/embedthis/appweb/issues/605"
},
{
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15504",
"datePublished": "2018-08-18T00:00:00",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8715 (GCVE-0-2018-8715)
Vulnerability from cvelistv5 – Published: 2018-03-14 20:00 – Updated: 2024-08-05 07:02
VLAI?
Summary
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-8715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/embedthis/appweb/issues/610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-8715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/embedthis/appweb/issues/610",
"refsource": "MISC",
"url": "https://github.com/embedthis/appweb/issues/610"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3676",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3676"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2018-8715",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2018-8715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8715",
"datePublished": "2018-03-14T20:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9708 (GCVE-0-2014-9708)
Vulnerability from cvelistv5 – Published: 2015-03-31 00:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037007",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037007"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/issues/413"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html"
},
{
"name": "20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535028/100/0/threaded"
},
{
"name": "73407",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73407"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150327 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/2"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"
},
{
"name": "[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2014-9708"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by \"Range: x=,\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1037007",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037007"
},
{
"url": "https://github.com/embedthis/appweb/issues/413"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348"
},
{
"url": "http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html"
},
{
"name": "20150408 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/535028/100/0/threaded"
},
{
"name": "73407",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/73407"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"name": "20150327 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"name": "[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/2"
},
{
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"
},
{
"name": "[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/2"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2014-9708"
},
{
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9708",
"datePublished": "2015-03-31T00:00:00",
"dateReserved": "2015-03-23T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}