PT-2020-14586 · Embedthis · Appweb
Published
2020-07-13
·
Updated
2023-01-27
·
CVE-2020-15689
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Appweb versions prior to 7.2.2
Appweb versions 8.x prior to 8.1.0
Description
The issue arises when Appweb, built with CGI support, fails to properly handle an HTTP request containing a Range header without an exact range. This mishandling can lead to a NULL pointer dereference, resulting in a denial of service.
Recommendations
For Appweb versions prior to 7.2.2, update to version 7.2.2 or later.
For Appweb versions 8.x prior to 8.1.0, update to version 8.1.0 or later.
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Appweb