Connect with us

Hi, what are you looking for?



Critical Code Execution Vulnerability Found in GoAhead Web Server

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution.

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution.

Developed by EmbedThis, GoAhead is advertised as the “world’s most popular tiny embedded web server.” Both open source and enterprise versions are available and the vendor says GoAhead is present in hundreds of millions of devices. A Shodan search for GoAhead currently shows over 1.3 million internet-connected systems.

The critical GoAhead vulnerability discovered by Talos is related to how multi-part/form-data requests are processed. An unauthenticated attacker can exploit this weakness to trigger a use-after-free condition and execute arbitrary code on the server by sending specially crafted HTTP requests.

The security hole is tracked as CVE-2019-5096 and it has been assigned a CVSS score of 9.8.

The second flaw identified by Talos researchers in the GoAhead web server is CVE-2019-5097, which can be exploited by an unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted HTTP requests.

Malicious requests can cause the DoS condition by triggering an infinite loop in the process, Talos said. This issue is considered only “medium” in terms of severity.

Talos has reproduced the vulnerabilities on versions 5.0.1, 4.1.1 and 3.6.5. The company reported its findings to EmbedThis in late August and the vendor released patches for both security holes on November 21.

Advertisement. Scroll to continue reading.

Cisco has published advisories, including technical information, for both vulnerabilities.

Despite being very popular, not many vulnerabilities have been found in GoAhead in the past few years. A DoS flaw was disclosed earlier this year and a potentially serious remote code execution vulnerability — the weakness could be triggered only in special conditions — was made public in late 2017.

Related: ProFTPD Vulnerability Can Expose Servers to Attacks

Related: Critical Remote Code Execution Vulnerability Patched in Exim Email Server

Related: Hackers Target Recent Vulnerability in Exim Mail Server

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.