HTTP: EmbedThis GoAhead Web Server File Upload Denial of Service

This signature detects attempts to exploit a known vulnerability against EmbedThis GoAhead Web Server. A successful attack can result in a denial-of-service condition.

Extended Description

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

Affected Products

Embedthis goahead

References

CVE: CVE-2019-5097

Short Name
HTTP:EMBDTHS-GOAHEAD-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2019-5097 Denial EmbedThis File GoAhead Server Service Upload Web of
Release Date
01/17/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3815
False Positive
Rarely
Vendors

Embedthis

CVSS Score

5.0

Found a potential security threat?