Appweb

appweb

Vendor: Embedthis • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-33254 1Embedthis 1Appweb Nov 21, 2024 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.
CVE-2020-15689 1Embedthis 1Appweb Nov 21, 2024 Jul 13, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...Show more Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.Show less
CVE-2018-15505 2Embedthis Juniper 3Appweb GoaheadJunos Nov 21, 2024 Aug 18, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service...Show more An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.Show less
CVE-2018-15504 2Embedthis Juniper 3Appweb GoaheadJunos Nov 21, 2024 Aug 18, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-M...Show more An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.Show less
CVE-2018-8715 1Embedthis 1Appweb Nov 21, 2024 Mar 15, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form an...Show more The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.Show less
CVE-2014-9708 3Embedthis JuniperOracle 3Appweb Enterprise Communications BrokerJunos May 6, 2026 Mar 31, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".