CVE-2018-15504

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Embedthis Appweb Embedthis Goahead Juniper Junos

Timeline

PublishedAug 18

Latest updateMay 14

Description

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDembedthis/appweb< 7.0.2

▶NVDembedthis/goahead< 4.0.1

▶NVDjuniper/junos16 versions+15

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-x64c-pwxp-r95w: An issue was discovered in Embedthis GoAhead before 4↗2022-05-14

▶

CVEList

CVE-2018-15504: An issue was discovered in Embedthis GoAhead before 4↗2018-08-18

▶