Embedthis Appweb
By the Year
In 2024 there have been 0 vulnerabilities in Embedthis Appweb . Appweb did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.50 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 7.70 |
It may take a day or so for new Appweb vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Embedthis Appweb Security Vulnerabilities
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header
CVE-2020-15689
7.5 - High
- July 13, 2020
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
NULL Pointer Dereference
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2
CVE-2018-15504
7.5 - High
- August 18, 2018
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
NULL Pointer Dereference
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2
CVE-2018-15505
7.5 - High
- August 18, 2018
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
NULL Pointer Dereference
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c
CVE-2018-8715
8.1 - High
- March 15, 2018
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
authentification
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1
CVE-2014-9708
- March 31, 2015
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Juniper Networks Junos or by Embedthis? Click the Watch button to subscribe.
