CVE-2014-9708

CVE-2014-9708 relates to Embedthis Appweb, where versions before 4.6.6 and 5.x before 5.2.1 are vulnerable to a remote denial of service caused by a NULL pointer dereference when handling a Range header with an empty value (e.g., “Range: x=,”). The vulnerability is triggered by processing a craft...

CVE-2018-15505

CVE-2018-15505 describes a NULL pointer dereference inEmbedthis GoAhead (before 4.0.1) and Appweb (before 7.0.2) triggered by an HTTP POST with a specially crafted Host header, notably demonstrated by a missing trailing ‘]’ in IPv6 addresses, causing a denial of service. Affected products/version...

CVE-2018-15504

CVE-2018-15504 affects Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The issue is a NULL pointer dereference caused by mishandling HTTP time-related request fields, demonstrated by If-Modified-Since or If-Unmodified-Since with a month value >11. This can lead to denial of service. Th...

CVE-2020-15689

CVE-2020-15689 affects Appweb prior to 7.2.2 and 8.x prior to 8.1.0 when built with CGI support. A crafted HTTP Range header lacking an exact range can cause a NULL pointer dereference, leading to a denial of service. Impact is described as a crash/DoS without additional exploitation details in t...