4 matches found
CVE-2019-16645
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...
Embedthis GoAhead 2.5.0 HTTP Header Injection Vulnerability - Active Check
Embedthis GoAhead is prone to an HTTP header injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2019-16645
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...
CVE-2019-16645
CVE-2019-16645 affects Embedthis GoAhead 2.5.0 (and potentially similar versions). The issue is an HTTP Host header-based host name leakage in certain pages (e.g., goform/login, config/log_off_page.htm) that causes links to be constructed using an attacker-controlled Host header, enabling phishin...