HTTP: EmbedThis GoAhead Web Server File Upload Vulnerability
This signature detects attempts to exploit a known vulnerability against EmbedThis GoAhead Web Server. A successful attack can lead to remote file inclusion.
Extended Description
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
Affected Products
Embedthis goahead
Short Name
HTTP:CTS:EMBEDTHIS-GOAHD-WS-FU
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2021-42342 CVE-2021-45342 EmbedThis File GoAhead Server Upload Vulnerability Web
Release Date
03/03/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3796
False Positive
Unknown
Vendors
Embedthis
CVSS Score
7.5