CVE-2018-8715

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
embedthisappweb
𝑥
≤ 7.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blogs.securiteam.com/index.php/archives/3676
https://github.com/embedthis/appweb/issues/610
https://security.paloaltonetworks.com/CVE-2018-8715
https://blogs.securiteam.com/index.php/archives/3676
https://github.com/embedthis/appweb/issues/610
https://security.paloaltonetworks.com/CVE-2018-8715