CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Critical Code Execution Vulnerability Found in GoAhead Web Server

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution.

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution.

Developed by EmbedThis, GoAhead is advertised as the “world’s most popular tiny embedded web server.” Both open source and enterprise versions are available and the vendor says GoAhead is present in hundreds of millions of devices. A Shodan search for GoAhead currently shows over 1.3 million internet-connected systems.

The critical GoAhead vulnerability discovered by Talos is related to how multi-part/form-data requests are processed. An unauthenticated attacker can exploit this weakness to trigger a use-after-free condition and execute arbitrary code on the server by sending specially crafted HTTP requests.

The security hole is tracked as CVE-2019-5096 and it has been assigned a CVSS score of 9.8.

The second flaw identified by Talos researchers in the GoAhead web server is CVE-2019-5097, which can be exploited by an unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted HTTP requests.

Malicious requests can cause the DoS condition by triggering an infinite loop in the process, Talos said. This issue is considered only “medium” in terms of severity.

Talos has reproduced the vulnerabilities on versions 5.0.1, 4.1.1 and 3.6.5. The company reported its findings to EmbedThis in late August and the vendor released patches for both security holes on November 21.

Cisco has published advisories, including technical information, for both vulnerabilities.

Advertisement. Scroll to continue reading.

Despite being very popular, not many vulnerabilities have been found in GoAhead in the past few years. A DoS flaw was disclosed earlier this year and a potentially serious remote code execution vulnerability — the weakness could be triggered only in special conditions — was made public in late 2017.

Related: ProFTPD Vulnerability Can Expose Servers to Attacks

Related: Critical Remote Code Execution Vulnerability Patched in Exim Email Server

Related: Hackers Target Recent Vulnerability in Exim Mail Server

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.