AI Score
Confidence
High
EPSS
Percentile
83.0%
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
blogs.securiteam.com/index.php/archives/3676
github.com/embedthis/appweb/issues/610
security.paloaltonetworks.com/CVE-2018-8715