PT-2016-4675 · Embedthis+1 · Appweb+1

Published

2016-01-15

·

Updated

2016-12-03

·

CVE-2016-1258

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Embedthis Appweb versions prior to 12.1X44-D60 Embedthis Appweb versions 12.1X46 prior to 12.1X46-D45 Embedthis Appweb versions 12.1X47 prior to 12.1X47-D30 Embedthis Appweb versions 12.3 prior to 12.3R10 Embedthis Appweb versions 12.3X48 prior to 12.3X48-D20 Embedthis Appweb versions 13.2X51 prior to 13.2X51-D20 Embedthis Appweb versions 13.3 prior to 13.3R8 Embedthis Appweb versions 14.1 prior to 14.1R6 Embedthis Appweb versions 14.2 prior to 14.2R5
Description The issue allows remote attackers to cause a denial of service, resulting in a J-Web crash, via unspecified vectors.
Recommendations For versions prior to 12.1X44-D60, update to 12.1X44-D60 or later. For versions 12.1X46 prior to 12.1X46-D45, update to 12.1X46-D45 or later. For versions 12.1X47 prior to 12.1X47-D30, update to 12.1X47-D30 or later. For versions 12.3 prior to 12.3R10, update to 12.3R10 or later. For versions 12.3X48 prior to 12.3X48-D20, update to 12.3X48-D20 or later. For versions 13.2X51 prior to 13.2X51-D20, update to 13.2X51-D20 or later. For versions 13.3 prior to 13.3R8, update to 13.3R8 or later. For versions 14.1 prior to 14.1R6, update to 14.1R6 or later. For versions 14.2 prior to 14.2R5, update to 14.2R5 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-1258

Affected Products

Appweb
Junos