What is CVE-2018-8715?

CVE-2018-8715 is a vulnerability in N/a. Published 2018-03-14.

Is CVE-2018-8715 known to be exploited?

20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-8715

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login type…

EPSS: 0.918 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
20142995/pocsuite3
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
CLincat/vulcat
HimmelAward/Goby_
NyxAzrael/Goby_
SexyBeast233/SecBooks
Threekiii/Awesome-POC

References

github.com/embedthis/appweb/issues/610 (x_refsource_MISC)
blogs.securiteam.com/index.php/archives/3676 (x_refsource_MISC)
security.paloaltonetworks.com/CVE-2018-8715 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-8715?: CVE-2018-8715 is a vulnerability in N/a. Published 2018-03-14.
Is CVE-2018-8715 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.