Out-of-Bounds Read Vulnerability in CivetWeb Web Server
CVE-2018-12684

7.1HIGH

Key Information:

Vendor: Civetweb Project
Status: Civetweb
Vendor: CVE Published:; 22 June 2018

🔔 Create Civetweb Project Vulnerability Alert

What is CVE-2018-12684?

The CivetWeb web server is affected by an out-of-bounds read vulnerability in the send_ssi_file function. This flaw allows attackers to manipulate crafted Server Side Includes (SSI) files, leading to potential denial of service or unauthorized information disclosure. The vulnerability could disrupt service availability and leak sensitive data, making it crucial for users to update to newer versions to mitigate risks.

References

https://github.com/civetweb/civetweb/issues/633

x_refsource_MISC

https://github.com/civetweb/civetweb/commit/8fd069f6dedb0...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 22, 2018

CVE-2018-12684 Data

JSON