CVSS: 7.5EPSS: 0%CPEs: 225EXPL: 2CVE-2018-15505
https://notcve.org/view.php?id=CVE-2018-15505
18 Aug 2018 — An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. Una petición HTTP POST con un campo de cabecera "Host" especialmente manipulado puede causar una... • https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2017-14149
https://notcve.org/view.php?id=CVE-2017-14149
05 Sep 2017 — GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. GoAhead en versiones de la 3.4.0 a la 3.6.5 presenta una desreferencia de puntero NULL en la función websDecodeUrl en http.c, lo que da lugar a un bloqueo en una petición "POST / HTTP/1.1". • https://github.com/shadow4u/goaheaddebug/blob/master/README.md • CWE-476: NULL Pointer Dereference •