CVE-2018-8715

HIGH NUCLEI

Embedthis HTTP <7.0.3 - Auth Bypass

Title source: llm

Description

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.

Nuclei Templates (1)

AppWeb - Authentication Bypass

HIGHby milo2012

Shodan: cpe:"cpe:2.3:a:embedthis:appweb"

References (3)

[Various Sources] https://security.paloaltonetworks.com/CVE-2018-8715

[Exploit, Third Party Advisory] https://blogs.securiteam.com/index.php/archives/3676

[Patch, Third Party Advisory] https://github.com/embedthis/appweb/issues/610

Scores

CVSS v3 8.1

EPSS 0.9233

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

embedthis/appweb < 7.0.2

Published Mar 15, 2018

Tracked Since Feb 18, 2026