
98 matches found

NVD
added 2019/11/22 7:15 p.m. | 23 views

CVE-2019-19240

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...

CVSS 5.3 | AI score 5.3 | EPSS 0.01541
Exploits: 1 | References: 3

Prion
added 2019/11/22 7:15 p.m. | 17 views

Design/Logic Flaw

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...

CVSS 5 | AI score 5.3 | EPSS 0.01541
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2019/11/22 6:46 p.m. | 125 views

CVE-2019-19240

The CVE-2019-19240 entry concerns Embedthis GoAhead before 5.0.1. Affected component: GoAhead WebsRedirect, which uses a fixed-size host buffer. Under certain redirected HTTP requests with a large Host header, the copy of the Host header can overflow, leaving the buffer uninitialized and potentia...

CVSS 5.3 | AI score 5.3 | EPSS 0.01541
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2019/09/20 7:15 p.m. | 3 views

CVE-2019-16645

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...

CVSS 8.6 | AI score 7.2 | EPSS 0.08183
Exploits: 3 | References: 2

NVD
added 2019/09/20 7:15 p.m. | 23 views

CVE-2019-16645

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...

CVSS 8.6 | AI score 9 | EPSS 0.08183
Exploits: 3 | References: 2

Prion
added 2019/09/20 7:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...

CVSS 5 | AI score 8.9 | EPSS 0.08183
Exploits: 3 | References: 2 | Affected Software: 1

Cvelist
added 2019/09/20 6:24 p.m. | 26 views

CVE-2019-16645

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...

AI score 8.6 | EPSS 0.08183
Exploits: 3 | References: 2

CVE
added 2019/09/20 6:24 p.m. | 528 views

CVE-2019-16645

CVE-2019-16645 affects Embedthis GoAhead 2.5.0 (and potentially similar versions). The issue is an HTTP Host header-based host name leakage in certain pages (e.g., goform/login, config/log_off_page.htm) that causes links to be constructed using an attacker-controlled Host header, enabling phishin...

CVSS 8.6 | AI score 8.4 | EPSS 0.08183
Exploits: 3 | References: 2 | Affected Software: 1

Prion
added 2019/06/14 2:29 p.m. | 18 views

Authentication flaw

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...

CVSS 5 | AI score 7.9 | EPSS 0.08848
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/14 1:6 p.m. | 23 views

CVE-2019-12822

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...

AI score 7.5 | EPSS 0.08848
Exploits: 0 | References: 2

CVE
added 2019/06/14 1:6 p.m. | 83 views

CVE-2019-12822

CVE-2019-12822 affects Embedthis GoAhead, specifically http.c, where a header parsing vulnerability in GoAhead before 4.1.1 and 5.x before 5.0.1 leads to a memory assertion, out-of-bounds memory reference, and potential DoS (demonstrated by a colon on a line by itself). Connected documents corrob...

CVSS 7.5 | AI score 7.5 | EPSS 0.08848
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2018/08/18 12:0 a.m. | 60 views

CVE-2018-15504

CVE-2018-15504 affects Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The issue is a NULL pointer dereference caused by mishandling HTTP time-related request fields, demonstrated by If-Modified-Since or If-Unmodified-Since with a month value >11. This can lead to denial of service. Th...

CVSS 7.5 | AI score 7.5 | EPSS 0.02766
Exploits: 1 | References: 5 | Affected Software: 2

CNVD
added 2018/03/20 12:0 a.m. | 4 views

Embedthis Software Appweb Embedthis HTTP Library Authentication Bypass Vulnerability

Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is mainly used for embedded applications, devices and web services with support for security defense policies, digest authentication, virtual hosting, etc. HTTP library is one of the HTTP libraries. The...

CVSS 8.1 | AI score 6.9 | EPSS 0.19854
Exploits: 2 | References: 1

CNVD
added 2018/03/19 12:0 a.m. | 2 views

AppWeb Authentication Bypass Vulnerability

AppWeb is a GPL-based open source embedded web server developed and maintained by Embedthis Software LLC. It is written in C/C++ and can run on almost all popular operating systems. An authentication bypass vulnerability exists in AppWeb. The vulnerability is due to a...

AI score 7.1
Exploits: 0 | References: 1

OSV
added 2018/03/15 1:29 a.m. | 9 views

CVE-2018-8715

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...

CVSS 8.1 | AI score 5.8 | EPSS 0.19854
Exploits: 2 | References: 3

NVD
added 2018/03/15 1:29 a.m. | 27 views

CVE-2018-8715

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...

CVSS 8.1 | AI score 8.2 | EPSS 0.19854
Exploits: 2 | References: 3

ATTACKERKB
added 2018/03/15 1:29 a.m. | 3 views

CVE-2018-8715

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...

CVSS 8.1 | AI score 5.6 | EPSS 0.19854
Exploits: 2 | References: 5

seebug.org
added 2018/03/15 12:0 a.m. | 980 views

AppWeb Authentication Bypass (Digest, Basic and Forms)(CVE-2018-8715)

Vulnerability Summary: A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for form and...

CVSS 6.8 | AI score 8.3 | EPSS 0.19854
Exploits: 2

Cvelist
added 2018/03/14 8:0 p.m. | 32 views

CVE-2018-8715

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...

AI score 8.2 | EPSS 0.19854
Exploits: 2 | References: 3

CVE
added 2018/03/14 8:0 p.m. | 169 views

CVE-2018-8715

CVE-2018-8715 affects Embedthis HTTP library and Appweb versions before 7.0.3. The vulnerability resides in the authentication flow (authCondition in httpLib.c): when authentication is required, the code may proceed to call httpGetCredentials and httpLogin, and due to a logic flaw it can bypass a...

CVSS 8.1 | AI score 8.1 | EPSS 0.19854
Exploits: 2 | References: 3 | Affected Software: 1