PT-2019-17476 · Goahead · Goahead Web Server
Published: 2019-11-27 · Updated: 2022-06-17
CVE-2019-5096
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GoAhead web server versions v3.6.5, v4.1.1, v5.0.1
Description
A code execution issue exists in the processing of multi-part/form-data requests within the base GoAhead web server application. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request, corrupting heap structures and potentially leading to full code execution. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.
Recommendations
For version v3.6.5, update to a version that fixes the use-after-free condition in the processing of multi-part/form-data requests.
For version v4.1.1, update to a version that fixes the use-after-free condition in the processing of multi-part/form-data requests.
For version v5.0.1, update to a version that fixes the use-after-free condition in the processing of multi-part/form-data requests.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Goahead Web Server