CVE-2017-1000471 - EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI han

CVE-2017-1000471

Summary

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.

References

https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7
https://github.com/embedthis/goahead/pull/258

Vulnerable Configurations

cpe:2.3:a:embedthis:goahead:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:embedthis:goahead:4.0.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-01-2018 - 15:40)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7
https://github.com/embedthis/goahead/pull/258

Last major update

17-01-2018 - 15:40

Published

03-01-2018 - 20:29

Last modified

17-01-2018 - 15:40