CVSS: 7.5EPSS: 0%CPEs: 459EXPL: 2CVE-2018-15504
https://notcve.org/view.php?id=CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una desreferencia de puntero NULL, tal y como queda demostrado con If-Modified-Since o If-Unmodified-Since con mes mayor a 11. • https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef https://github.com/embedthis/appweb/issues/605 https://github.com/embedthis/goahead/issues/264 https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 6%CPEs: 460EXPL: 3CVE-2014-9708 – Appweb Web Server Denial Of Service
https://notcve.org/view.php?id=CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerability. • http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Apr/19 http://seclists.org/fulldisclosure/2015/Mar/158 http://www.openwall.com/lists/oss-security/2015/03/28/2 http://www.openwall.com/lists/oss-security/2015/04/06/2 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/archive/1/535028/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/5 • CWE-476: NULL Pointer Dereference •