Vulnerability Description
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Embedthis | Appweb | <= 7.0.2 |
Related Weaknesses (CWE)
References
- https://blogs.securiteam.com/index.php/archives/3676 (Exploit, Third Party Advisory)
- https://github.com/embedthis/appweb/issues/610 (Patch, Third Party Advisory)
- https://security.paloaltonetworks.com/CVE-2018-8715
FAQ
What is CVE-2018-8715?
CVE-2018-8715 is a vulnerability with a CVSS score of 8.1 (HIGH). The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentica...
How severe is CVE-2018-8715?
CVE-2018-8715 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-8715?
Check the references section above for vendor advisories and patch information. Affected products include: Embedthis Appweb.