Lucene search
+L

7 matches found

CVE
CVE
added 2017/12/12 7:0 p.m.1103 views

CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution when CGI is enabled and a CGI program is dynamically linked. The root cause is the initialization of the CGI environment from untrusted HTTP request parameters in cgi.c, enabling abuse via LD_PRELOAD and similar payloads posted to /proc/...

8.1CVSS8.2AI score0.96327EPSS
In wildWeb
CVE
CVE
added 2019/11/22 6:46 p.m.127 views

CVE-2019-19240

The CVE-2019-19240 entry concerns Embedthis GoAhead before 5.0.1. Affected component: GoAhead WebsRedirect, which uses a fixed-size host buffer. Under certain redirected HTTP requests with a large Host header, the copy of the Host header can overflow, leaving the buffer uninitialized and potentia...

5.3CVSS5.3AI score0.01541EPSS
CVE
CVE
added 2020/07/23 12:32 p.m.106 views

CVE-2020-15688

Vulnerability context: GoAhead Web Server before 5.1.2 is susceptible to a Digest authentication replay attack. An unauthenticated remote attacker can bypass authentication via capture-replay if TLS is not protecting the channel. The issue is tied to the Digest authentication implementation, not ...

8.8CVSS8.8AI score0.04039EPSS
Web
CVE
CVE
added 2019/06/14 1:6 p.m.84 views

CVE-2019-12822

CVE-2019-12822 affects Embedthis GoAhead, specifically http.c, where a header parsing vulnerability in GoAhead before 4.1.1 and 5.x before 5.0.1 leads to a memory assertion, out-of-bounds memory reference, and potential DoS (demonstrated by a colon on a line by itself). Connected documents corrob...

7.5CVSS7.5AI score0.08848EPSS
CVE
CVE
added 2022/01/25 7:11 p.m.69 views

CVE-2021-43298

CVE-2021-43298 corresponds to a vulnerability in Embedthis GoAhead web server where the password check for HTTP Basic authentication does not use constant-time comparison and lacks rate-limiting, enabling an unauthenticated attacker to brute-force the password by timing responses. Connected sourc...

9.8CVSS9.6AI score0.02256EPSS
CVE
CVE
added 2018/08/18 12:0 a.m.65 views

CVE-2018-15504

CVE-2018-15504 affects Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The issue is a NULL pointer dereference caused by mishandling HTTP time-related request fields, demonstrated by If-Modified-Since or If-Unmodified-Since with a month value >11. This can lead to denial of service. Th...

7.5CVSS7.5AI score0.02766EPSS
CVE
CVE
added 2018/08/18 12:0 a.m.65 views

CVE-2018-15505

CVE-2018-15505 describes a NULL pointer dereference inEmbedthis GoAhead (before 4.0.1) and Appweb (before 7.0.2) triggered by an HTTP POST with a specially crafted Host header, notably demonstrated by a missing trailing ‘]’ in IPv6 addresses, causing a denial of service. Affected products/version...

7.5CVSS7.5AI score0.02227EPSS