The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
References
Link | Resource |
---|---|
https://blogs.securiteam.com/index.php/archives/3676 | Exploit Third Party Advisory |
https://github.com/embedthis/appweb/issues/610 | Patch Third Party Advisory |
https://security.paloaltonetworks.com/CVE-2018-8715 | |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-14T20:00:00
Updated: 2020-02-17T16:03:47
Reserved: 2018-03-14T00:00:00
Link: CVE-2018-8715
NVD Information
Status: Modified
Published: 2018-03-15T01:29:04.447
Modified: 2020-02-17T16:15:25.207
Link: CVE-2018-8715
Redhat Information
No data.