CVE-2020-15688 – EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
https://notcve.org/view.php?id=CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. La autenticación de HTTP Digest en el servidor web de GoAhead versiones anteriores a 5.1.2 no protege completamente contra los ataques de repetición. Esto permite a un atacante remoto no autenticado eludir la autenticación a través de la captura-reproducción si no se utiliza el TLS para proteger el canal de comunicación subyacente A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. • http://packetstormsecurity.com/files/159505/EmbedThis-GoAhead-Web-Server-5.1.1-Digest-Authentication-Capture-Replay-Nonce-Reuse.html https://github.com/embedthis/goahead-gpl/issues/3 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2019-19240
https://notcve.org/view.php?id=CVE-2019-19240
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response. Incruste GoAhead versiones anteriores a 5.0.1, maneja inapropiadamente las peticiones HTTP redireccionadas con un encabezado Host grande. GoAhead WebsRedirect utiliza un búfer de host estático que posee una longitud limitada y puede desbordarse. • https://github.com/embedthis/goahead/issues/289 https://github.com/embedthis/goahead/issues/290 https://github.com/embedthis/goahead/releases/tag/v5.0.1 • CWE-787: Out-of-bounds Write CWE-908: Use of Uninitialized Resource •
CVE-2019-16645 – GoAhead 2.5.0 - Host Header Injection
https://notcve.org/view.php?id=CVE-2019-16645
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. Se detectó un problema en Embedthis GoAhead versión 2.5.0. Ciertas páginas (tales como goform/login y config/log_off_page.htm) crean enlaces que contienen un nombre del host obtenido desde un encabezado de Host HTTP arbitrario enviado por parte de un atacante. • https://www.exploit-db.com/exploits/47439 http://packetstormsecurity.com/files/154652/GoAhead-2.5.0-Host-Header-Injection.html https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-12822
https://notcve.org/view.php?id=CVE-2019-12822
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. En el archivo http.c en Embedthis GoAhead anterior a versión 4.1.1 y versión 5.x anterior a la 5.0.1, una vulnerabilidad en el análisis de encabezado provoca una aserción de memoria, una referencia de memoria fuera de límites y un potencial DoS, como fue demostrado por dos puntos en una línea por sí misma. • https://github.com/embedthis/goahead/compare/5349710...579f21f https://github.com/embedthis/goahead/issues/285 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVE-2018-15504
https://notcve.org/view.php?id=CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Se ha descubierto un problema en Embedthis GoAhead en versiones anteriores a la 4.0.1 y Appweb anteriores a la 7.0.2. El servidor maneja incorrectamente algunos campos request HTTP asociados con time, lo que resulta en una desreferencia de puntero NULL, tal y como queda demostrado con If-Modified-Since o If-Unmodified-Since con mes mayor a 11. • https://github.com/embedthis/appweb/commit/66067ae6d1fa08b37a270e7dc1821df52ed2daef https://github.com/embedthis/appweb/issues/605 https://github.com/embedthis/goahead/issues/264 https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved • CWE-476: NULL Pointer Dereference •