Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.00427Percentile:
0.6153
CVSS Scoring
CVSS v2 Score: 5.0
Severity:
Affected Products
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mbedthis_software:mbedthis_appweb_http_server:1.1.2:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me