CVE-2018-15504 — HIGH (7.5)

Q: How severe is CVE-2018-15504?

CVE-2018-15504 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-15504?

Check the references section above for vendor advisories and patch information. Affected products include: Embedthis Appweb, Embedthis Goahead, Juniper Junos, Juniper Srx100, Juniper Srx110.

Vulnerability Description

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Embedthis	Appweb	< 7.0.2
Embedthis	Goahead	< 4.0.1
Juniper	Junos	12.1x46
Juniper	Srx100	-
Juniper	Srx110	-
Juniper	Srx1400	-
Juniper	Srx1500	-
Juniper	Srx210	-
Juniper	Srx220	-
Juniper	Srx240	-
Juniper	Srx240H2	-
Juniper	Srx240M	-
Juniper	Srx300	-
Juniper	Srx320	-
Juniper	Srx340	-
Juniper	Srx3400	-
Juniper	Srx345	-
Juniper	Srx3600	-
Juniper	Srx380	-
Juniper	Srx4000	-

Related Weaknesses (CWE)

CWE-476

References

https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2dPatchThird Party Advisory
https://github.com/embedthis/appweb/issues/605ExploitPatchThird Party Advisory
https://github.com/embedthis/goahead/issues/264ExploitPatchThird Party Advisory
https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-JThird Party Advisory
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-MThird Party Advisory
https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2dPatchThird Party Advisory
https://github.com/embedthis/appweb/issues/605ExploitPatchThird Party Advisory
https://github.com/embedthis/goahead/issues/264ExploitPatchThird Party Advisory
https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-JThird Party Advisory
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-MThird Party Advisory

FAQ

What is CVE-2018-15504?

CVE-2018-15504 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as ...

How severe is CVE-2018-15504?

CVE-2018-15504 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15504?

Check the references section above for vendor advisories and patch information. Affected products include: Embedthis Appweb, Embedthis Goahead, Juniper Junos, Juniper Srx100, Juniper Srx110.