Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution.
Developed by EmbedThis, GoAhead is advertised as the “world’s most popular tiny embedded web server.” Both open source and enterprise versions are available and the vendor says GoAhead is present in hundreds of millions of devices. A Shodan search for GoAhead currently shows over 1.3 million internet-connected systems.
The critical GoAhead vulnerability discovered by Talos is related to how multi-part/form-data requests are processed. An unauthenticated attacker can exploit this weakness to trigger a use-after-free condition and execute arbitrary code on the server by sending specially crafted HTTP requests.
The security hole is tracked as CVE-2019-5096 and it has been assigned a CVSS score of 9.8.
The second flaw identified by Talos researchers in the GoAhead web server is CVE-2019-5097, which can be exploited by an unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted HTTP requests.
Malicious requests can cause the DoS condition by triggering an infinite loop in the process, Talos said. This issue is considered only “medium” in terms of severity.
Talos has reproduced the vulnerabilities on versions 5.0.1, 4.1.1 and 3.6.5. The company reported its findings to EmbedThis in late August and the vendor released patches for both security holes on November 21.
Cisco has published advisories, including technical information, for both vulnerabilities.
Despite being very popular, not many vulnerabilities have been found in GoAhead in the past few years. A DoS flaw was disclosed earlier this year and a potentially serious remote code execution vulnerability — the weakness could be triggered only in special conditions — was made public in late 2017.
Related: ProFTPD Vulnerability Can Expose Servers to Attacks
Related: Critical Remote Code Execution Vulnerability Patched in Exim Email Server
Related: Hackers Target Recent Vulnerability in Exim Mail Server