ID CVE-2014-9707
Summary EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
References
Vulnerable Configurations
  • cpe:2.3:a:embedthis:goahead:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2018 - 19:55)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1
confirm
fulldisc 20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1
misc http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html
sectrack 1032208
Last major update 09-10-2018 - 19:55
Published 31-03-2015 - 14:59
Last modified 09-10-2018 - 19:55
Back to Top