Description

Appweb before 7.0.3 has a logic flaw. An attacker can bypass the webserver's authentication with a specially crafted HTTP request.

Remediation

Upgrade to the latest version of AppWeb

References

AppWeb Authentication Bypass

Related Vulnerabilities

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2004-1366)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8155)

Moodle Improper Input Validation Vulnerability (CVE-2020-10738)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2018-8740)

Severity

High

Classification

CVE-2018-8715 CWE-287 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass Known Vulnerabilities