CVE-2014-9707

Name of the Vulnerable Software and Affected Versions EmbedThis GoAhead versions 3.0.0 through 3.4.1

Description The issue allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. This is due to the improper handling of path segments starting with a . (dot).

Recommendations For EmbedThis GoAhead versions 3.0.0 through 3.4.1, update to a version that properly handles path segments to prevent directory traversal attacks and other potential issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.