Published: 18/08/2018 Updated: 22/06/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.

Vulnerable Product	Search on Vulmon	Subscribe to Product
embedthis appweb
embedthis goahead
juniper junos 12.1x46
juniper junos 12.3x48
juniper junos 15.1x49
juniper junos 12.3
juniper junos 15.1
juniper junos 15.1x53
juniper junos 16.1
juniper junos 16.2
juniper junos 17.1
juniper junos 17.2
juniper junos 17.3
juniper junos 17.4
juniper junos 18.1
juniper junos 18.2
juniper junos 18.3
juniper junos 18.4

CWE-476 https://github.com/embedthis/goahead/issues/264 https://github.com/embedthis/appweb/issues/605 https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-15504

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect