Mbedthis Software : Security Vulnerabilities, CVEs,

CVE-2007-3009

Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
Max CVSS
4.3
EPSS Score
7.22%
Published
2007-06-04
Updated
2011-03-08

CVE-2007-3008

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-06-04
Updated
2017-07-29

CVE-2004-2317

Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
Max CVSS
5.0
EPSS Score
0.19%
Published
2004-12-31
Updated
2008-09-05

CVE-2004-2315

Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
Max CVSS
5.0
EPSS Score
1.22%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2213

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
Max CVSS
5.0
EPSS Score
0.98%
Published
2004-12-31
Updated
2017-07-11
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close