CVE-2018-8715

Published: 15/03/2018 | Updated: 06/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

Affected Products

Vendor | Product | Versions
Embedthis | Appweb | 7.0.2

Vendor Advisories

Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface (Ref # PAN-93089, CVE-2018-8715) ...