Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2018-8715

Published: 15/03/2018 Updated: 17/02/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Appweb

Vulnerability Summary

The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

embedthis appweb

Vendor Advisories

Palo Alto Networks Security Advisory: CVE-2018-8715 Denial of Service in PAN-OS Management Web Interface
CVE-2018-8715 Denial of Service in PAN-OS Management Web Interface ...

Github Repositories

https://github.com/VeXs13/test

AppWeb Authentication Bypass vulnerability (CVE-2018-8715) 中文版本(Chinese version) AppWeb is an embedded Web Server based on an open source GPL agreement that was developed and maintained by Embedthis Software LLC It is written in C/C++ and can run on almost any modern operating system Of course, it aims to provide a Web Application container for embedded devices AppWe

https://github.com/valency007/fep3370-exploit-demo-assignment

FEP3370 (Advanced Ethical Hacking) Exploit Demo Assignment

FEP3370 Exploit Demo Assignment (Authentication Bypass) Student Name: Valency Oscar Colaco, Linköping University (valencycolaco@liuse) This assignment demonstrates known vulnerabilities in LibSSH (before versions 076 and 084) and Embedthis's AppWeb (before version 703) related to flawed implementation logic (Improper Authentication) and bugs in the source co

https://github.com/cyberharsh/appweb

AppWeb认证绕过漏洞(CVE-2018-8715) AppWeb是Embedthis Software LLC公司负责开发维护的一个基于GPL开源协议的嵌入式Web Server。他使用C/C++来编写,能够运行在几乎先进所有流行的操作系统上。当然他最主要的应用场景还是为嵌入式设备提供Web Application容器。 AppWeb可以进行认证配置,其认证方式包

References

CWE-287https://github.com/embedthis/appweb/issues/610https://blogs.securiteam.com/index.php/archives/3676https://security.paloaltonetworks.com/CVE-2018-8715https://nvd.nist.govhttps://github.com/VeXs13/testhttps://github.com/valency007/fep3370-exploit-demo-assignmenthttps://security.paloaltonetworks.com/Home/Detail/127
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook