98 matches found
CVE-2019-19240
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...
Design/Logic Flaw
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...
CVE-2019-19240
The CVE-2019-19240 entry concerns Embedthis GoAhead before 5.0.1. Affected component: GoAhead WebsRedirect, which uses a fixed-size host buffer. Under certain redirected HTTP requests with a large Host header, the copy of the Host header can overflow, leaving the buffer uninitialized and potentia...
CVE-2019-16645
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...
Design/Logic Flaw
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...
CVE-2019-16645
CVE-2019-16645 affects Embedthis GoAhead 2.5.0 (and potentially similar versions). The issue is an HTTP Host header-based host name leakage in certain pages (e.g., goform/login, config/log_off_page.htm) that causes links to be constructed using an attacker-controlled Host header, enabling phishin...
Authentication flaw
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...
CVE-2019-12822
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...
CVE-2019-12822
CVE-2019-12822 affects Embedthis GoAhead, specifically http.c, where a header parsing vulnerability in GoAhead before 4.1.1 and 5.x before 5.0.1 leads to a memory assertion, out-of-bounds memory reference, and potential DoS (demonstrated by a colon on a line by itself). Connected documents corrob...
CVE-2018-15504
CVE-2018-15504 affects Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The issue is a NULL pointer dereference caused by mishandling HTTP time-related request fields, demonstrated by If-Modified-Since or If-Unmodified-Since with a month value >11. This can lead to denial of service. Th...
Embedthis Software Appweb Embedthis HTTP Library Authentication Bypass Vulnerability
Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is mainly used for embedded applications, devices and web services with support for security defense policies, digest authentication, virtual hosting, etc. HTTP library is one of the HTTP libraries. The...
AppWeb Authentication Bypass Vulnerability
AppWeb is a GPL-based open source embedded web server developed and maintained by Embedthis Software LLC. It is written in C/C++ and can run on almost all popular operating systems. An authentication bypass vulnerability exists in AppWeb. The vulnerability is due to a...
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...
AppWeb Authentication Bypass (Digest, Basic and Forms)(CVE-2018-8715)
Vulnerability Summary: A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for form and...
CVE-2018-8715
CVE-2018-8715 affects Embedthis HTTP library and Appweb versions before 7.0.3. The vulnerability resides in the authentication flow (authCondition in httpLib.c): when authentication is required, the code may proceed to call httpGetCredentials and httpLogin, and due to a logic flaw it can bypass a...