PT-2019-14735 · Embedthis · Goahead
Ramikan · Published 2019-09-20 · Updated 2020-08-24 · CVE-2019-16645
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Embedthis GoAhead version 2.5.0
Description
An issue was discovered where certain pages, such as "goform/login" and "config/log off page.htm", build links whose hostname is taken verbatim from the HTTP Host header of the incoming request, which an attacker controls. Because the device reflects that hostname into the pages it serves, this could be used in a phishing attack.
Recommendations
For Embedthis GoAhead version 2.5.0, consider restricting access to the affected pages, such as "goform/login" and "config/log off page.htm", until a patch is available. As a temporary workaround, do not use the client-supplied HTTP Host header to generate links on these pages; use a configured hostname instead.
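As an added illustration (not code from this advisory or from GoAhead itself), the pattern the description refers to is shown beside a hardened version: the vulnerable function copies whatever Host the client sent into the generated link, while the hardened one only emits a hostname that appears on an operator-configured allowlist and otherwise falls back to a configured canonical name. CANONICAL_HOST, ALLOWED_HOSTS and the function names are assumptions made for this example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed configuration: the names an operator would pin for the device.
# Only these may ever appear in a link the device generates.
CANONICAL_HOST = "router.example.internal"
ALLOWED_HOSTS = {CANONICAL_HOST, "192.0.2.10"}


def vulnerable_login_link(headers: dict) -> str:
    """Pattern described in the advisory: the link is built from the raw
    Host header, so a request with Host: evil.example yields a link to
    evil.example on a page the device itself served."""
    host = headers.get("Host", "")
    return f"http://{host}/goform/login"


def _normalize_host(raw: str) -> Optional[str]:
    """Extract a lowercase hostname from a Host header value.

    Strips any :port, lowercases the name and rejects empty or malformed
    values (for example unbalanced IPv6 brackets) by returning None."""
    if not raw:
        return None
    try:
        # Prefixing "//" makes urlsplit parse the value as a network location.
        return urlsplit("//" + raw).hostname
    except ValueError:
        return None


def hardened_login_link(headers: dict) -> str:
    """Build the login link from a validated hostname only.

    The raw header is never echoed: if the normalized name is not on the
    allowlist, the configured canonical host is used instead."""
    hostname = _normalize_host(headers.get("Host", ""))
    if hostname is None or hostname not in ALLOWED_HOSTS:
        hostname = CANONICAL_HOST
    return f"http://{hostname}/goform/login"


if __name__ == "__main__":
    spoofed = {"Host": "evil.example"}
    print("vulnerable:", vulnerable_login_link(spoofed))
    print("hardened:  ", hardened_login_link(spoofed))
```

A request whose Host is not on the allowlist still gets a usable page, but every generated link points at the canonical name the operator configured, so the reflected-hostname vector is closed.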
Weakness Enumeration
Code Injection
Affected Products
Goahead