3 matches found
Appweb < 7.0.3 authCondition Authentication Bypass Vulnerability
According to its banner, the version of Appweb installed on the remote host is prior to 7.0.3. It is, therefore, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. Note...
Denial of Service in PAN-OS Management Web Interface
Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. Ref PAN-93089, CVE-2018-8715 A specially crafted HTTP POST request with an invalid “If-modified" header...
CVE-2018-8715
CVE-2018-8715 affects Embedthis HTTP library and Appweb versions before 7.0.3. The vulnerability resides in the authentication flow (authCondition in httpLib.c): when authentication is required, the code may proceed to call httpGetCredentials and httpLogin, and due to a logic flaw it can bypass a...