Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Mbedthis Software Subscribe
Filtered by product Mbedthis Appweb Http Server
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3008 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2017-07-28 4.3 MEDIUM N/A
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
CVE-2004-2214 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2017-07-10 7.5 HIGH N/A
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.
CVE-2004-2315 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2017-07-10 5.0 MEDIUM N/A
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
CVE-2004-2213 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2017-07-10 5.0 MEDIUM N/A
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
CVE-2004-2316 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2017-07-10 5.0 MEDIUM N/A
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.
CVE-2007-3009 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2011-03-07 4.3 MEDIUM N/A
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
CVE-2004-2317 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2008-09-05 5.0 MEDIUM N/A
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.