PT-2018-2958 · Embedthis · Appweb+1

Published: 2018-08-18 · Updated: 2023-06-22 · CVE-2018-15505

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Embedthis GoAhead versions prior to 4.0.1
Embedthis Appweb versions prior to 7.0.2

Description

The issue is related to errors in processing HTTP requests. It may allow a remote attacker to cause a denial of service. An HTTP POST request with a specially crafted Host header field may cause a NULL pointer dereference, as demonstrated by the lack of a trailing ']' character in an IPv6 address.

Recommendations

For Embedthis GoAhead versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue. For Embedthis Appweb versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

As a temporary workaround, consider restricting access to the HTTP POST endpoint to minimize the risk of exploitation. Avoid using specially crafted Host header fields in HTTP requests until the issue is resolved.
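
The failure class in the description, shown as an added example that is not Embedthis code: a Host header parser that treats a missing ']' in an IPv6 literal as malformed input instead of dereferencing the NULL that strchr() returns. The function name parse_host_header and its signature are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern (illustrative): end = strchr(value, ']'); *end = '\0';
 * strchr() returns NULL when ']' is missing, so the write faults. */

/* Split a Host header value into host and port. 0 = ok, -1 = malformed. */
int parse_host_header(const char *value, char *host, size_t hostlen, int *port)
{
    const char *start, *end, *portstr = NULL;
    size_t n;

    if (value == NULL || host == NULL || hostlen == 0 || port == NULL)
        return -1;
    *port = -1;                          /* -1 means "no port given" */

    if (value[0] == '[') {               /* IPv6 literal: [addr] or [addr]:port */
        start = value + 1;
        end = strchr(start, ']');
        if (end == NULL)                 /* missing ']': reject, never dereference */
            return -1;
        if (end[1] == ':')
            portstr = end + 2;
        else if (end[1] != '\0')
            return -1;                   /* unexpected bytes after ']' */
    } else {                             /* hostname or IPv4, optional :port */
        start = value;
        end = strchr(start, ':');
        if (end == NULL)
            end = start + strlen(start);
        else
            portstr = end + 1;
    }

    n = (size_t)(end - start);
    if (n == 0 || n >= hostlen)          /* empty host or too long for buffer */
        return -1;
    memcpy(host, start, n);
    host[n] = '\0';

    if (portstr != NULL) {
        char *stop;
        long p = strtol(portstr, &stop, 10);
        if (*portstr < '0' || *portstr > '9' || *stop != '\0' || p < 1 || p > 65535)
            return -1;
        *port = (int)p;
    }
    return 0;
}
```

A caller would answer a -1 result with 400 Bad Request and continue serving other connections.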

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2019-02754
CVE-2018-15505

Affected Products

Appweb
GoAhead