Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-9707
Last Modified: 11 May 2015 10:02:08
Published: 31 Mar 2015 10:59:06
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9707

Summary

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.

Vulnerable Systems

Application

  • Embedthis Goahead 3.0.0

  • Embedthis Goahead 3.3.1

  • Embedthis Goahead 3.3.2

  • Embedthis Goahead 3.3.3

  • Embedthis Goahead 3.3.4

  • Embedthis Goahead 3.3.5

  • Embedthis Goahead 3.3.6

  • Embedthis Goahead 3.4.0


References

CONFIRM - https://github.com/embedthis/goahead/issues/106

CONFIRM - https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77

BUGTRAQ - 20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1

MISC - http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html

SECTRACK - 1032208


Last Updated: 27 May 2016 11:08:17