PT-2019-17477 · Goahead · Goahead Web Server

Published: 2019-12-03 · Updated: 2022-06-17 · CVE-2019-5097

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: GoAhead web server versions v3.6.5, v4.1.1, v5.0.1

Description: A denial-of-service issue exists in the processing of multipart/form-data requests in the base GoAhead web server application. It can be triggered by a specially crafted HTTP request, which causes the server process to enter an infinite loop. The request can be unauthenticated, may be sent as either a GET or a POST request, and does not require the requested resource to exist on the server.

Recommendations: For version v3.6.5, consider disabling the processing of multipart/form-data requests until a patch is available. For version v4.1.1, restrict access to the web server application to minimize the risk of exploitation. For version v5.0.1, avoid using the multipart/form-data request type in the affected API endpoint until the issue is resolved.

Tags: Exploit · Fix · DoS · Infinite Loop
