Vulnerability Details CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef
- https://github.com/embedthis/appweb/issues/605
- https://github.com/embedthis/goahead/issues/264
- https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved
- https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef
- https://github.com/embedthis/appweb/issues/605
- https://github.com/embedthis/goahead/issues/264
- https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved
Products affected by CVE-2018-15504
-
cpe:2.3:a:embedthis:appweb:4.0.0
-
cpe:2.3:a:embedthis:appweb:4.1.0
-
cpe:2.3:a:embedthis:appweb:4.2.0
-
cpe:2.3:a:embedthis:appweb:4.3.0
-
cpe:2.3:a:embedthis:appweb:4.3.1
-
cpe:2.3:a:embedthis:appweb:4.3.2
-
cpe:2.3:a:embedthis:appweb:4.3.3
-
cpe:2.3:a:embedthis:appweb:4.3.4
-
cpe:2.3:a:embedthis:appweb:4.3.5
-
cpe:2.3:a:embedthis:appweb:4.3.6
-
cpe:2.3:a:embedthis:appweb:4.4.0
-
cpe:2.3:a:embedthis:appweb:4.4.3
-
cpe:2.3:a:embedthis:appweb:4.4.4
-
cpe:2.3:a:embedthis:appweb:4.5.0
-
cpe:2.3:a:embedthis:appweb:4.5.1
-
cpe:2.3:a:embedthis:appweb:4.5.2
-
cpe:2.3:a:embedthis:appweb:4.5.3
-
cpe:2.3:a:embedthis:appweb:4.5.4
-
cpe:2.3:a:embedthis:appweb:4.5.5
-
cpe:2.3:a:embedthis:appweb:4.5.6
-
cpe:2.3:a:embedthis:appweb:4.6.0
-
cpe:2.3:a:embedthis:appweb:4.6.1
-
cpe:2.3:a:embedthis:appweb:4.6.2
-
cpe:2.3:a:embedthis:appweb:4.6.3
-
cpe:2.3:a:embedthis:appweb:4.6.4
-
cpe:2.3:a:embedthis:appweb:4.6.5
-
cpe:2.3:a:embedthis:appweb:4.6.6
-
cpe:2.3:a:embedthis:appweb:4.7.0
-
cpe:2.3:a:embedthis:appweb:4.7.1
-
cpe:2.3:a:embedthis:appweb:4.7.2
-
cpe:2.3:a:embedthis:appweb:4.7.3
-
cpe:2.3:a:embedthis:appweb:4.7.4
-
cpe:2.3:a:embedthis:appweb:5.0.0
-
cpe:2.3:a:embedthis:appweb:5.1.0
-
cpe:2.3:a:embedthis:appweb:5.2.0
-
cpe:2.3:a:embedthis:appweb:5.3.0
-
cpe:2.3:a:embedthis:appweb:5.4.0
-
cpe:2.3:a:embedthis:appweb:5.4.1
-
cpe:2.3:a:embedthis:appweb:5.4.2
-
cpe:2.3:a:embedthis:appweb:5.4.3
-
cpe:2.3:a:embedthis:appweb:5.4.4
-
cpe:2.3:a:embedthis:appweb:5.4.5
-
cpe:2.3:a:embedthis:appweb:5.4.6
-
cpe:2.3:a:embedthis:appweb:5.4.7
-
cpe:2.3:a:embedthis:appweb:5.5.0
-
cpe:2.3:a:embedthis:appweb:5.5.1
-
cpe:2.3:a:embedthis:appweb:5.6.0
-
cpe:2.3:a:embedthis:appweb:5.6.1
-
cpe:2.3:a:embedthis:appweb:5.6.2
-
cpe:2.3:a:embedthis:appweb:6.0.0
-
cpe:2.3:a:embedthis:appweb:6.0.1
-
cpe:2.3:a:embedthis:appweb:6.0.2
-
cpe:2.3:a:embedthis:appweb:6.0.3
-
cpe:2.3:a:embedthis:appweb:6.1.0
-
cpe:2.3:a:embedthis:appweb:6.1.1
-
cpe:2.3:a:embedthis:appweb:6.2.0
-
cpe:2.3:a:embedthis:appweb:6.2.1
-
cpe:2.3:a:embedthis:appweb:6.2.2
-
cpe:2.3:a:embedthis:appweb:6.2.3
-
cpe:2.3:a:embedthis:appweb:7.0.0
-
cpe:2.3:a:embedthis:appweb:7.0.1
-
cpe:2.3:a:embedthis:goahead:-
-
cpe:2.3:a:embedthis:goahead:2.1.5
-
cpe:2.3:a:embedthis:goahead:2.1.8
-
cpe:2.3:a:embedthis:goahead:2.5.0
-
cpe:2.3:a:embedthis:goahead:3.0.0
-
cpe:2.3:a:embedthis:goahead:3.1.0
-
cpe:2.3:a:embedthis:goahead:3.1.1
-
cpe:2.3:a:embedthis:goahead:3.1.2
-
cpe:2.3:a:embedthis:goahead:3.1.3
-
cpe:2.3:a:embedthis:goahead:3.3.0
-
cpe:2.3:a:embedthis:goahead:3.3.1
-
cpe:2.3:a:embedthis:goahead:3.3.2
-
cpe:2.3:a:embedthis:goahead:3.3.3
-
cpe:2.3:a:embedthis:goahead:3.3.4
-
cpe:2.3:a:embedthis:goahead:3.3.5
-
cpe:2.3:a:embedthis:goahead:3.3.6
-
cpe:2.3:a:embedthis:goahead:3.4.0
-
cpe:2.3:a:embedthis:goahead:3.4.1
-
cpe:2.3:a:embedthis:goahead:3.4.10
-
cpe:2.3:a:embedthis:goahead:3.4.11
-
cpe:2.3:a:embedthis:goahead:3.4.12
-
cpe:2.3:a:embedthis:goahead:3.4.2
-
cpe:2.3:a:embedthis:goahead:3.4.3
-
cpe:2.3:a:embedthis:goahead:3.4.4
-
cpe:2.3:a:embedthis:goahead:3.4.5
-
cpe:2.3:a:embedthis:goahead:3.4.6
-
cpe:2.3:a:embedthis:goahead:3.4.7
-
cpe:2.3:a:embedthis:goahead:3.4.8
-
cpe:2.3:a:embedthis:goahead:3.4.9
-
cpe:2.3:a:embedthis:goahead:3.5.0
-
cpe:2.3:a:embedthis:goahead:3.6.0
-
cpe:2.3:a:embedthis:goahead:3.6.1
-
cpe:2.3:a:embedthis:goahead:3.6.2
-
cpe:2.3:a:embedthis:goahead:3.6.3
-
cpe:2.3:a:embedthis:goahead:3.6.4
-
cpe:2.3:a:embedthis:goahead:3.6.5
-
cpe:2.3:a:embedthis:goahead:4.0.0
-
cpe:2.3:h:juniper:ex2200-c:-
-
cpe:2.3:h:juniper:ex2200-vc:-
-
cpe:2.3:h:juniper:ex2200:-
-
cpe:2.3:h:juniper:ex2300-24mp:-
-
cpe:2.3:h:juniper:ex2300-24p:-
-
cpe:2.3:h:juniper:ex2300-24t:-
-
cpe:2.3:h:juniper:ex2300-48mp:-
-
cpe:2.3:h:juniper:ex2300-48p:-
-
cpe:2.3:h:juniper:ex2300-48t:-
-
cpe:2.3:h:juniper:ex2300-c:-
-
cpe:2.3:h:juniper:ex2300:-
-
cpe:2.3:h:juniper:ex2300m:-
-
cpe:2.3:h:juniper:ex3200:-
-
cpe:2.3:h:juniper:ex3300-vc:-
-
cpe:2.3:h:juniper:ex3300:-
-
cpe:2.3:h:juniper:ex3400:-
-
cpe:2.3:h:juniper:ex4200-vc:-
-
cpe:2.3:h:juniper:ex4200:-
-
cpe:2.3:h:juniper:ex4300-24p-s:-
-
cpe:2.3:h:juniper:ex4300-24p:-
-
cpe:2.3:h:juniper:ex4300-24t-s:-
-
cpe:2.3:h:juniper:ex4300-24t:-
-
cpe:2.3:h:juniper:ex4300-32f-dc:-
-
cpe:2.3:h:juniper:ex4300-32f-s:-
-
cpe:2.3:h:juniper:ex4300-32f:-
-
cpe:2.3:h:juniper:ex4300-48mp-s:-
-
cpe:2.3:h:juniper:ex4300-48mp:-
-
cpe:2.3:h:juniper:ex4300-48p-s:-
-
cpe:2.3:h:juniper:ex4300-48p:-
-
cpe:2.3:h:juniper:ex4300-48t-afi:-
-
cpe:2.3:h:juniper:ex4300-48t-dc-afi:-
-
cpe:2.3:h:juniper:ex4300-48t-dc:-
-
cpe:2.3:h:juniper:ex4300-48t-s:-
-
cpe:2.3:h:juniper:ex4300-48t:-
-
cpe:2.3:h:juniper:ex4300-48tafi:-
-
cpe:2.3:h:juniper:ex4300-48tdc-afi:-
-
cpe:2.3:h:juniper:ex4300-48tdc:-
-
cpe:2.3:h:juniper:ex4300-mp:-
-
cpe:2.3:h:juniper:ex4300-vc:-
-
cpe:2.3:h:juniper:ex4300:-
-
cpe:2.3:h:juniper:ex4300m:-
-
cpe:2.3:h:juniper:ex4400:-
-
cpe:2.3:h:juniper:ex4500-vc:-
-
cpe:2.3:h:juniper:ex4500:-
-
cpe:2.3:h:juniper:ex4550-vc:-
-
cpe:2.3:h:juniper:ex4550/vc:-
-
cpe:2.3:h:juniper:ex4550:-
-
cpe:2.3:h:juniper:ex4600-vc:-
-
cpe:2.3:h:juniper:ex4600:-
-
cpe:2.3:h:juniper:ex4650:-
-
cpe:2.3:h:juniper:ex6200:-
-
cpe:2.3:h:juniper:ex6210:-
-
cpe:2.3:h:juniper:ex8200-vc:-
-
cpe:2.3:h:juniper:ex8200:-
-
cpe:2.3:h:juniper:ex8208:-
-
cpe:2.3:h:juniper:ex8216:-
-
cpe:2.3:h:juniper:ex9200:-
-
cpe:2.3:h:juniper:ex9204:-
-
cpe:2.3:h:juniper:ex9208:-
-
cpe:2.3:h:juniper:ex9214:-
-
cpe:2.3:h:juniper:ex9250:-
-
cpe:2.3:h:juniper:ex9251:-
-
cpe:2.3:h:juniper:ex9253:-
-
cpe:2.3:h:juniper:mx10000:-
-
cpe:2.3:h:juniper:mx10003:-
-
cpe:2.3:h:juniper:mx10008:-
-
cpe:2.3:h:juniper:mx10016:-
-
cpe:2.3:h:juniper:mx104:-
-
cpe:2.3:h:juniper:mx10:-
-
cpe:2.3:h:juniper:mx150:-
-
cpe:2.3:h:juniper:mx2008:-
-
cpe:2.3:h:juniper:mx2010:-
-
cpe:2.3:h:juniper:mx2020:-
-
cpe:2.3:h:juniper:mx204:-
-
cpe:2.3:h:juniper:mx240:-
-
cpe:2.3:h:juniper:mx40:-
-
cpe:2.3:h:juniper:mx480:-
-
cpe:2.3:h:juniper:mx5:-
-
cpe:2.3:h:juniper:mx80:-
-
cpe:2.3:h:juniper:mx960:-
-
cpe:2.3:h:juniper:mx:-
-
cpe:2.3:h:juniper:ptx1000-72q:-
-
cpe:2.3:h:juniper:ptx10000:-
-
cpe:2.3:h:juniper:ptx10001-36mr:-
-
cpe:2.3:h:juniper:ptx100016:-
-
cpe:2.3:h:juniper:ptx10001:-
-
cpe:2.3:h:juniper:ptx10002-60c:-
-
cpe:2.3:h:juniper:ptx10002:-
-
cpe:2.3:h:juniper:ptx10003:-
-
cpe:2.3:h:juniper:ptx10003_160c:-
-
cpe:2.3:h:juniper:ptx10003_80c:-
-
cpe:2.3:h:juniper:ptx10003_81cd:-
-
cpe:2.3:h:juniper:ptx10004:-
-
cpe:2.3:h:juniper:ptx10008:-
-
cpe:2.3:h:juniper:ptx1000:-
-
cpe:2.3:h:juniper:ptx10016:-
-
cpe:2.3:h:juniper:ptx3000:-
-
cpe:2.3:h:juniper:ptx5000:-
-
cpe:2.3:h:juniper:qfx10000:-
-
cpe:2.3:h:juniper:srx100:-
-
cpe:2.3:h:juniper:srx110:-
-
cpe:2.3:h:juniper:srx1400:-
-
cpe:2.3:h:juniper:srx1500:-
-
cpe:2.3:h:juniper:srx210:-
-
cpe:2.3:h:juniper:srx220:-
-
cpe:2.3:h:juniper:srx240:-
-
cpe:2.3:h:juniper:srx240h2:-
-
cpe:2.3:h:juniper:srx240m:-
-
cpe:2.3:h:juniper:srx300:-
-
cpe:2.3:h:juniper:srx320:-
-
cpe:2.3:h:juniper:srx3400:-
-
cpe:2.3:h:juniper:srx340:-
-
cpe:2.3:h:juniper:srx345:-
-
cpe:2.3:h:juniper:srx3600:-
-
cpe:2.3:h:juniper:srx380:-
-
cpe:2.3:h:juniper:srx4000:-
-
cpe:2.3:h:juniper:srx4100:-
-
cpe:2.3:h:juniper:srx4200:-
-
cpe:2.3:h:juniper:srx4600:-
-
cpe:2.3:h:juniper:srx5000:-
-
cpe:2.3:h:juniper:srx5400:-
-
cpe:2.3:h:juniper:srx550:-
-
cpe:2.3:h:juniper:srx550_hm:-
-
cpe:2.3:h:juniper:srx550m:-
-
cpe:2.3:h:juniper:srx5600:-
-
cpe:2.3:h:juniper:srx5800:-
-
cpe:2.3:h:juniper:srx650:-
-
cpe:2.3:h:juniper:t1600:-
-
cpe:2.3:h:juniper:t320:-
-
cpe:2.3:h:juniper:t4000:-
-
cpe:2.3:h:juniper:t640:-
-
cpe:2.3:o:juniper:junos:12.1x46
-
cpe:2.3:o:juniper:junos:12.3
-
cpe:2.3:o:juniper:junos:12.3x48
-
cpe:2.3:o:juniper:junos:15.1
-
cpe:2.3:o:juniper:junos:15.1x49
-
cpe:2.3:o:juniper:junos:15.1x53
-
cpe:2.3:o:juniper:junos:16.1
-
cpe:2.3:o:juniper:junos:16.2
-
cpe:2.3:o:juniper:junos:17.1
-
cpe:2.3:o:juniper:junos:17.2
-
cpe:2.3:o:juniper:junos:17.3
-
cpe:2.3:o:juniper:junos:17.4
-
cpe:2.3:o:juniper:junos:18.1
-
cpe:2.3:o:juniper:junos:18.2
-
cpe:2.3:o:juniper:junos:18.3
-
cpe:2.3:o:juniper:junos:18.4