CVE-2017-14149
https://notcve.org/view.php?id=CVE-2017-14149
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. GoAhead en versiones de la 3.4.0 a la 3.6.5 presenta una desreferencia de puntero NULL en la función websDecodeUrl en http.c, lo que da lugar a un bloqueo en una petición "POST / HTTP/1.1". • https://github.com/shadow4u/goaheaddebug/blob/master/README.md • CWE-476: NULL Pointer Dereference •
CVE-2014-9707 – Embedthis GoAhead Embedded Web Server Directory Traversal
https://notcve.org/view.php?id=CVE-2014-9707
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. EmbedThis GoAhead 3.0.0 hasta 3.4.1 no maneja correctamente los segmentos de rutas que comienzan con un . (punto), lo que permite a atacantes remotos realizar ataques de salto de directorio, causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica y caída), o posiblemente ejecutar código arbitrario a través de una URI manipulada. GoAhead web server versions 3.0.0 through 3.4.1 suffers from heap overflow and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html http://seclists.org/fulldisclosure/2015/Mar/157 http://www.securityfocus.com/archive/1/535027/100/0/threaded http://www.securitytracker.com/id/1032208 https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77 https://github.com/embedthis/goahead/issues/106 - • CWE-17: DEPRECATED: Code •