Security News > 2019 > December > Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
2019-12-04 04:48
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/NkhkgWfUGAA/goahead-web-server-hacking.html
Related news
- Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers (source)
- Web-based PLC malware: A new potential threat to critical infrastructure (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 7.5 |