6 matches found
CVE-2018-8715
CVE-2018-8715 affects Embedthis HTTP library and Appweb versions before 7.0.3. The vulnerability resides in the authentication flow (authCondition in httpLib.c): when authentication is required, the code may proceed to call httpGetCredentials and httpLogin, and due to a logic flaw it can bypass a...
CVE-2021-33254
CVE-2021-33254 affects EmbedThis Appweb Community Edition 8.2.1. The issue resides in src/http/httpLib.c (parseUri) and allows a denial of service via the stream parameter to parseUri, potentially crashing the server. Connected sources (NVD, Red Hat, CNVD, CNNVD, CVE listing) confirm the descript...
CVE-2014-9708
CVE-2014-9708 relates to Embedthis Appweb, where versions before 4.6.6 and 5.x before 5.2.1 are vulnerable to a remote denial of service caused by a NULL pointer dereference when handling a Range header with an empty value (e.g., “Range: x=,”). The vulnerability is triggered by processing a craft...
CVE-2018-15505
CVE-2018-15505 describes a NULL pointer dereference in Embedthis GoAhead (before 4.0.1) and Appweb (before 7.0.2) triggered by an HTTP POST with a specially crafted Host header, notably demonstrated by a missing trailing ‘]’ in IPv6 addresses, causing a denial of service. Affected products/version...
CVE-2018-15504
CVE-2018-15504 affects Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The issue is a NULL pointer dereference caused by mishandling HTTP time-related request fields, demonstrated by If-Modified-Since or If-Unmodified-Since with a month value >11. This can lead to denial of service. Th...
CVE-2020-15689
CVE-2020-15689 affects Appweb prior to 7.2.2 and 8.x prior to 8.1.0 when built with CGI support. A crafted HTTP Range header lacking an exact range can cause a NULL pointer dereference, leading to a denial of service. Impact is described as a crash/DoS without additional exploitation details in t...