Security News > 2019 > December > Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
2019-12-04 04:48
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/NkhkgWfUGAA/goahead-web-server-hacking.html
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Apache fixes remote code execution bypass in Tomcat web server (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 9.8 |