Embedthis: >> Appweb >> 7.0.2 Security Vulnerabilities
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-07-13
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
CVSS Score
8.1
EPSS Score
0.887
Published
2018-03-15