CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43298
https://notcve.org/view.php?id=CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response. El código que lleva a cabo la coincidencia de contraseñas cuando es usada la autenticación HTTP "Basic" no usa un memcmp de tiempo constante y no presenta limitación de velocidad. Esto significa que un atacante de red no autenticado puede forzar la contraseña básica HTTP, byte a byte, registrando el tiempo de respuesta del servidor web hasta la respuesta no autorizada (401) • https://github.com/embedthis/goahead/issues/304 • CWE-208: Observable Timing Discrepancy CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-15688 – EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
https://notcve.org/view.php?id=CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. La autenticación de HTTP Digest en el servidor web de GoAhead versiones anteriores a 5.1.2 no protege completamente contra los ataques de repetición. Esto permite a un atacante remoto no autenticado eludir la autenticación a través de la captura-reproducción si no se utiliza el TLS para proteger el canal de comunicación subyacente A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. • http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html https://github.com/embedthis/goahead-gpl/issues/3 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19240
https://notcve.org/view.php?id=CVE-2019-19240
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response. Incruste GoAhead versiones anteriores a 5.0.1, maneja inapropiadamente las peticiones HTTP redireccionadas con un encabezado Host grande. GoAhead WebsRedirect utiliza un búfer de host estático que posee una longitud limitada y puede desbordarse. • https://github.com/embedthis/goahead/issues/289 https://github.com/embedthis/goahead/issues/290 https://github.com/embedthis/goahead/releases/tag/v5.0.1 • CWE-787: Out-of-bounds Write CWE-908: Use of Uninitialized Resource •
CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 2CVE-2019-16645 – GoAhead 2.5.0 - Host Header Injection
https://notcve.org/view.php?id=CVE-2019-16645
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. Se detectó un problema en Embedthis GoAhead versión 2.5.0. Ciertas páginas (tales como goform/login y config/log_off_page.htm) crean enlaces que contienen un nombre del host obtenido desde un encabezado de Host HTTP arbitrario enviado por parte de un atacante. • https://www.exploit-db.com/exploits/47439 http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 17%CPEs: 2EXPL: 0CVE-2019-12822
https://notcve.org/view.php?id=CVE-2019-12822
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. En el archivo http.c en Embedthis GoAhead anterior a versión 4.1.1 y versión 5.x anterior a la 5.0.1, una vulnerabilidad en el análisis de encabezado provoca una aserción de memoria, una referencia de memoria fuera de límites y un potencial DoS, como fue demostrado por dos puntos en una línea por sí misma. • https://github.com/embedthis/goahead/compare/5349710...579f21f https://github.com/embedthis/goahead/issues/285 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •