Vulnerabilities > CVE-2019-5097 - Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Talos
| id | TALOS-2019-0889 |
| last seen | 2019-12-07 |
| published | 2019-12-02 |
| reporter | Talos Intelligence |
| source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0889 |
| title | EmbedThis GoAhead web server denial-of-service vulnerability |
The Hacker News
| id | THN:50A8529AA2108DE31ECF8EAE1D08766A |
| last seen | 2019-12-04 |
| modified | 2019-12-04 |
| published | 2019-12-04 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2019/12/goahead-web-server-hacking.html |
| title | Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices |