Skip to main content

Appweb

5 CVEs product

Monthly

CVE-2020-15689 HIGH This Week

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Appweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-15505 HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb Goahead Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-15504 HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb Goahead Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-8715 HIGH POC PATCH THREAT This Week

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Appweb
NVD GitHub
CVSS 3.0
8.1
EPSS
19.9%
CVE-2014-9708 MEDIUM POC PATCH This Month

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range:. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Enterprise Communications Broker Appweb Junos
NVD GitHub
CVSS 2.0
5.0
EPSS
4.5%
EPSS 1% CVSS 7.5
HIGH This Week

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Appweb
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb +2
NVD GitHub
EPSS 20% CVSS 8.1
HIGH POC PATCH THREAT This Week

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Appweb
NVD GitHub
EPSS 5% CVSS 5.0
MEDIUM POC PATCH This Month

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range:. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Enterprise Communications Broker +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy