PT-2018-2957 · Embedthis · Appweb
Published: 2018-08-18 · Updated: 2023-06-22
CVE-2018-15504
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Embedthis GoAhead versions prior to 4.0.1
Embedthis Appweb versions prior to 7.0.2
Description
The issue is related to errors in handling HTTP requests. Exploitation of this issue may allow a remote attacker to cause a denial of service. The server mishandles some HTTP request fields associated with time, resulting in a NULL pointer dereference. This can be demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
Recommendations
For Embedthis GoAhead versions prior to 4.0.1, update to version 4.0.1 or later.
For Embedthis Appweb versions prior to 7.0.2, update to version 7.0.2 or later.
As a temporary workaround, consider restricting access to the If-Modified-Since and If-Unmodified-Since HTTP request fields to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
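One way to apply the temporary workaround from the Recommendations, as an added example that is not part of the original advisory or of Embedthis code: a filter for a front-end proxy or middleware that forwards If-Modified-Since and If-Unmodified-Since only when the value is a strict IMF-fixdate and drops the header otherwise. The function names and the sample header values used with it are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Conditional request headers named in the advisory (compared in lower case).
GUARDED = {"if-modified-since", "if-unmodified-since"}
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

# IMF-fixdate, the preferred HTTP-date form: "Sun, 06 Nov 1994 08:49:37 GMT".
IMF_FIXDATE = re.compile(
    r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), ([0-9]{2}) (" + "|".join(MONTHS) +
    r") ([0-9]{4}) ([0-9]{2}):([0-9]{2}):([0-9]{2}) GMT"
)


def is_strict_http_date(value):
    """True only for a well-formed IMF-fixdate whose fields are in range."""
    m = IMF_FIXDATE.fullmatch(value)
    if m is None:
        return False
    day, mon, year, hh, mm, ss = m.groups()
    try:
        # datetime() range-checks day, hour, minute and second for us.
        datetime(int(year), MONTHS.index(mon) + 1, int(day),
                 int(hh), int(mm), int(ss))
    except ValueError:
        return False
    return True


def sanitize_headers(headers):
    """Return (forwarded, dropped) for a list of (name, value) pairs.

    A guarded header with a non-conforming date is dropped rather than
    forwarded, so the backend never parses it and answers unconditionally.
    """
    forwarded, dropped = [], []
    for name, value in headers:
        if name.lower() in GUARDED and not is_strict_http_date(value.strip()):
            dropped.append((name, value))  # log these; repeats are a signal
        else:
            forwarded.append((name, value))
    return forwarded, dropped
```

Dropping the header means a client with a malformed date receives a full response instead of a conditional one, which costs bandwidth but keeps the request away from the date parser until the server is updated.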
Weakness Enumeration
Related Identifiers
Affected Products
Appweb
Goahead
Junos