Security News > 2019 > December > Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
2019-12-04 04:48
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/NkhkgWfUGAA/goahead-web-server-hacking.html
Related news
- Rackspace internal monitoring web servers hit by zero-day (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 9.8 |