Published: 15/03/2018 Updated: 06/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

Vendor Advisories

Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface (Ref # PAN-93089, CVE-2018-8715) ...