Lucene search

[email protected]CVE-2018-15505

HistoryAug 18, 2018 - 3:29 a.m.

CVE-2018-15505

2018-08-1803:29:00

CWE-476

[email protected]

web.nvd.nist.gov

goahead

appweb

http

post

null pointer dereference

cve-2018-15505

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.1%

JSON

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted “Host” header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ‘]’ character in an IPv6 address.

Affected configurations

NVD

Node

embedthisappwebRange<7.0.2

embedthisgoaheadRange<4.0.1

Node

juniperjunosMatch12.3-

juniperjunosMatch12.3r1

juniperjunosMatch12.3r10

juniperjunosMatch12.3r10-s1

juniperjunosMatch12.3r10-s2

juniperjunosMatch12.3r11

juniperjunosMatch12.3r12

juniperjunosMatch12.3r12-s1

juniperjunosMatch12.3r12-s10

juniperjunosMatch12.3r12-s11

juniperjunosMatch12.3r12-s12

juniperjunosMatch12.3r12-s13

juniperjunosMatch12.3r12-s20

juniperjunosMatch12.3r12-s3

juniperjunosMatch12.3r12-s4

juniperjunosMatch12.3r12-s6

juniperjunosMatch12.3r12-s8

juniperjunosMatch12.3x48-

juniperjunosMatch12.3x48d10

juniperjunosMatch12.3x48d15

juniperjunosMatch12.3x48d20

juniperjunosMatch12.3x48d25

juniperjunosMatch12.3x48d30

juniperjunosMatch12.3x48d35

juniperjunosMatch12.3x48d40

juniperjunosMatch12.3x48d45

juniperjunosMatch12.3x48d50

juniperjunosMatch12.3x48d51

juniperjunosMatch12.3x48d55

juniperjunosMatch12.3x48d60

juniperjunosMatch12.3x48d65

juniperjunosMatch12.3x48d66

juniperjunosMatch12.3x48d70

juniperjunosMatch12.3x48d75

juniperjunosMatch15.1-

juniperjunosMatch15.1a1

juniperjunosMatch15.1f

juniperjunosMatch15.1f1

juniperjunosMatch15.1f2

juniperjunosMatch15.1f2-s1

juniperjunosMatch15.1f2-s2

juniperjunosMatch15.1f2-s3

juniperjunosMatch15.1f2-s4

juniperjunosMatch15.1f3

juniperjunosMatch15.1f4

juniperjunosMatch15.1f5

juniperjunosMatch15.1f5-s7

juniperjunosMatch15.1f6

juniperjunosMatch15.1f6-s1

juniperjunosMatch15.1f6-s10

juniperjunosMatch15.1f6-s12

juniperjunosMatch15.1f6-s2

juniperjunosMatch15.1f6-s3

juniperjunosMatch15.1f6-s4

juniperjunosMatch15.1f6-s5

juniperjunosMatch15.1f6-s6

juniperjunosMatch15.1f6-s7

juniperjunosMatch15.1f6-s8

juniperjunosMatch15.1f6-s9

juniperjunosMatch15.1r7

juniperjunosMatch15.1r7-s1

juniperjunosMatch15.1r7-s10

juniperjunosMatch15.1r7-s11

juniperjunosMatch15.1r7-s12

juniperjunosMatch15.1r7-s2

juniperjunosMatch15.1r7-s3

juniperjunosMatch15.1x49-

juniperjunosMatch15.1x49d10

juniperjunosMatch15.1x49d100

juniperjunosMatch15.1x49d110

juniperjunosMatch15.1x49d120

juniperjunosMatch15.1x49d130

juniperjunosMatch15.1x49d131

juniperjunosMatch15.1x49d140

juniperjunosMatch15.1x49d15

juniperjunosMatch15.1x49d150

juniperjunosMatch15.1x49d160

juniperjunosMatch15.1x53

juniperjunosMatch15.1x53-

juniperjunosMatch15.1x53d10

juniperjunosMatch15.1x53d20

juniperjunosMatch15.1x53d21

juniperjunosMatch15.1x53d210

juniperjunosMatch15.1x53d230

juniperjunosMatch15.1x53d231

juniperjunosMatch15.1x53d232

juniperjunosMatch15.1x53d233

juniperjunosMatch15.1x53d234

juniperjunosMatch15.1x53d235

juniperjunosMatch15.1x53d236

juniperjunosMatch15.1x53d237

juniperjunosMatch15.1x53d25

juniperjunosMatch15.1x53d30

juniperjunosMatch15.1x53d31

juniperjunosMatch15.1x53d32

juniperjunosMatch15.1x53d33

juniperjunosMatch15.1x53d34

juniperjunosMatch15.1x53d40

juniperjunosMatch15.1x53d45

juniperjunosMatch15.1x53d47

juniperjunosMatch15.1x53d470

juniperjunosMatch15.1x53d471

juniperjunosMatch15.1x53d48

juniperjunosMatch15.1x53d490

juniperjunosMatch15.1x53d495

juniperjunosMatch15.1x53d50

juniperjunosMatch15.1x53d51

juniperjunosMatch15.1x53d52

juniperjunosMatch15.1x53d55

juniperjunosMatch15.1x53d56

juniperjunosMatch15.1x53d57

juniperjunosMatch15.1x53d58

juniperjunosMatch15.1x53d59

juniperjunosMatch15.1x53d60

juniperjunosMatch15.1x53d61

juniperjunosMatch15.1x53d62

juniperjunosMatch15.1x53d63

juniperjunosMatch15.1x53d64

juniperjunosMatch15.1x53d65

juniperjunosMatch15.1x53d66

juniperjunosMatch15.1x53d67

juniperjunosMatch15.1x53d68

juniperjunosMatch15.1x53d69

juniperjunosMatch15.1x53d70

juniperjunosMatch16.1-

juniperjunosMatch16.1r

juniperjunosMatch16.1r1

juniperjunosMatch16.1r2

juniperjunosMatch16.1r3

juniperjunosMatch16.1r3-s10

juniperjunosMatch16.1r3-s11

juniperjunosMatch16.1r3-s8

juniperjunosMatch16.1r4

juniperjunosMatch16.1r4-s12

juniperjunosMatch16.1r4-s2

juniperjunosMatch16.1r4-s3

juniperjunosMatch16.1r4-s4

juniperjunosMatch16.1r4-s6

juniperjunosMatch16.1r4-s8

juniperjunosMatch16.1r4-s9

juniperjunosMatch16.1r7

juniperjunosMatch16.1r7-s2

juniperjunosMatch16.1r7-s3

juniperjunosMatch16.1r7-s4

juniperjunosMatch16.2-

juniperjunosMatch16.2r1

juniperjunosMatch16.2r1-s6

juniperjunosMatch16.2r2

juniperjunosMatch16.2r2-s1

juniperjunosMatch16.2r2-s2

juniperjunosMatch16.2r2-s5

juniperjunosMatch16.2r2-s6

juniperjunosMatch16.2r2-s7

juniperjunosMatch16.2r2-s8

juniperjunosMatch16.2r2-s9

juniperjunosMatch17.1-

juniperjunosMatch17.1r1

juniperjunosMatch17.1r1-s7

juniperjunosMatch17.1r2

juniperjunosMatch17.1r2-s1

juniperjunosMatch17.1r2-s10

juniperjunosMatch17.1r2-s11

juniperjunosMatch17.1r2-s2

juniperjunosMatch17.1r2-s3

juniperjunosMatch17.1r2-s4

juniperjunosMatch17.1r2-s5

juniperjunosMatch17.1r2-s6

juniperjunosMatch17.1r2-s7

juniperjunosMatch17.1r2-s8

juniperjunosMatch17.1r2-s9

juniperjunosMatch17.2-

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s1

juniperjunosMatch17.2r1-s2

juniperjunosMatch17.2r1-s3

juniperjunosMatch17.2r1-s4

juniperjunosMatch17.2r1-s5

juniperjunosMatch17.2r1-s6

juniperjunosMatch17.2r1-s7

juniperjunosMatch17.2r1-s8

juniperjunosMatch17.2r2

juniperjunosMatch17.2r2-s4

juniperjunosMatch17.2r2-s6

juniperjunosMatch17.2r3

juniperjunosMatch17.3-

juniperjunosMatch17.3r1

juniperjunosMatch17.3r1-s1

juniperjunosMatch17.3r1-s4

juniperjunosMatch17.3r2

juniperjunosMatch17.3r2-s1

juniperjunosMatch17.3r2-s2

juniperjunosMatch17.3r2-s3

juniperjunosMatch17.3r2-s4

juniperjunosMatch17.3r2-s5

juniperjunosMatch17.3r3

juniperjunosMatch17.3r3-

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s2

juniperjunosMatch17.3r3-s3

juniperjunosMatch17.3r3-s4

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch17.4r1-s3

juniperjunosMatch17.4r1-s4

juniperjunosMatch17.4r1-s5

juniperjunosMatch17.4r1-s6

juniperjunosMatch17.4r2

juniperjunosMatch17.4r2-s1

juniperjunosMatch17.4r2-s2

juniperjunosMatch17.4r2-s3

juniperjunosMatch18.1-

juniperjunosMatch18.1r1

juniperjunosMatch18.1r2

juniperjunosMatch18.1r2-s1

juniperjunosMatch18.1r2-s2

juniperjunosMatch18.1r2-s4

juniperjunosMatch18.1r3

juniperjunosMatch18.1r3-s1

juniperjunosMatch18.1r3-s2

juniperjunosMatch18.1r3-s3

juniperjunosMatch18.1r3-s4

CPENameOperatorVersion
embedthis:appwebembedthis appweblt7.0.2
embedthis:goaheadembedthis goaheadlt4.0.1

CPE	Name	Operator	Version
embedthis:appweb	embedthis appweb	lt	7.0.2
embedthis:goahead	embedthis goahead	lt	4.0.1

References

github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9

github.com/embedthis/appweb/issues/605

github.com/embedthis/goahead/issues/264

supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2018-15505

cvelist1 prion1 nvd1 nessus1 ics1