VYPR

Appweb

by Embedthis

CVEs (11)

  • CVE-2018-8715 | High | Mar 15, 2018
    risk 0.54 | cvss 8.1 | epss 0.20

    The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

  • CVE-2018-15505 | High | Aug 18, 2018
    risk 0.42 | cvss 7.5 | epss 0.02

    An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character…

  • CVE-2018-15504 | High | Aug 18, 2018
    risk 0.42 | cvss 7.5 | epss 0.03

    An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater…

  • CVE-2016-1258 | Medium | Jan 15, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows…

  • CVE-2007-3009 | Jun 4, 2007
    risk 0.03 | cvss | epss 0.02

    Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP…

  • CVE-2020-15689 | Jul 13, 2020
    risk 0.00 | cvss | epss 0.01

    Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.

  • CVE-2014-9708 | Mar 31, 2015
    risk 0.00 | cvss | epss 0.56

    Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".

  • CVE-2007-3008 | Jun 4, 2007
    risk 0.00 | cvss | epss 0.01

    Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

  • CVE-2004-2315 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.02

    Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.

  • CVE-2004-2213 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.01

    Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.

  • CVE-2004-2316 | Dec 31, 2004
    risk 0.00 | cvss | epss 0.02

    Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.