CVE-2018-15504 - NULL Pointer Dereference vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Junos Local Security Checks |
NASL id | JUNIPER_JSA10948.NASL |
description | The version of Junos OS installed on the remote host is prior to 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.3R3-S5, 17.4R1-S7, or 18.1R3-S5. It is, therefore, affected by multiple vulnerabilities as referenced in the JSA10948 advisory: - A denial of service (DoS) vulnerability exists in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2 due to an HTTP POST request with a specially crafted |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 132038 |
published | 2019-12-13 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/132038 |
title | Juniper Embedthis GoAhead Denial Of Service Vulnerabilities (JSA10948) |
References
- https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef
- https://github.com/embedthis/appweb/issues/605
- https://github.com/embedthis/goahead/issues/264
- https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved