Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mbedthis_software | mbedthis_appweb_http_server | 1.0.2 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0 |
| mbedthis_software | mbedthis_appweb_http_server | 1.1.1 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.4 |
| mbedthis_software | mbedthis_appweb_http_server | 1.1.2 |
| mbedthis_software | mbedthis_appweb_http_server | 1.1 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.3 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.1 |
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mbedthis_software | mbedthis_appweb_http_server | 1.0 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.1 |
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mbedthis_software | mbedthis_appweb_http_server | 1.0.2 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0 |
| mbedthis_software | mbedthis_appweb_http_server | 1.1.1 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.4 |
| mbedthis_software | mbedthis_appweb_http_server | 1.1.2 |
| mbedthis_software | mbedthis_appweb_http_server | 1.1 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.3 |
| mbedthis_software | mbedthis_appweb_http_server | 1.0.1 |