CVE-2018-8715

Опубликовано: 15 мар. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Критический

Описание

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

Ссылки

https://blogs.securiteam.com/index.php/archives/3676
Exploit
Third Party Advisory
https://github.com/embedthis/appweb/issues/610
Patch
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-8715
https://blogs.securiteam.com/index.php/archives/3676
Exploit
Third Party Advisory
https://github.com/embedthis/appweb/issues/610
Patch
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-8715

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:embedthis:appweb:*:*:*:*:*:*:*:*

Версия до 7.0.2 (включая)

EPSS

Процентиль: 100%

0.92326

Критический

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-jxh6-wcr3-pf67