CVE-2014-9707CVE-2014-9707

Affected configuration(s):

cpe:/a:embedthis:goahead:3.0.0
cpe:/a:embedthis:goahead:3.3.1
cpe:/a:embedthis:goahead:3.3.2
cpe:/a:embedthis:goahead:3.3.3
cpe:/a:embedthis:goahead:3.3.4
cpe:/a:embedthis:goahead:3.3.5
cpe:/a:embedthis:goahead:3.3.6
cpe:/a:embedthis:goahead:3.4.0

Date published: 2015-03-31T10:59:06.250-04:00

Date last modified: 2016-04-01T14:36:26.497-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html

Summary: EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.