Embedthis Appweb vulnerabilities
6 known vulnerabilities affecting embedthis/appweb.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2021-33254 | HIGH | CVSS 7.5 | CWE-476 | v8.2.1 | 2022-06-02
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function.
nvd
CVE-2020-15689 | HIGH | CVSS 7.5 | CWE-476 | fixed in 7.2.2 | ≥ 8.0.0, < 8.1.0 | 2020-07-13
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
nvd
CVE-2018-15504 | HIGH | CVSS 7.5 | CWE-476 | fixed in 7.0.2 | 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
nvd
CVE-2018-15505 | HIGH | CVSS 7.5 | CWE-476 | fixed in 7.0.2 | 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
nvd
CVE-2018-8715 | HIGH | CVSS 8.1 | CWE-287 | PoC | ≤ 7.0.2 | 2018-03-15
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
nvd
CVE-2014-9708 | MEDIUM | CVSS 5.0 | CWE-476 | fixed in 4.6.6 | ≥ 5.0.0, < 5.2.1 | 2015-03-31
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
nvd