exploitDog

CVE-2014-9707

Опубликовано: 31 мар. 2015

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:embedthis:goahead:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.66123

Средний

7.5 High

CVSS2

Дефекты

CWE-17

Связанные уязвимости

GHSA-pc28-mpvf-j77x

github

больше 3 лет назад

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.

EPSS

Процентиль: 98%

0.66123

Средний

7.5 High

CVSS2

Дефекты

CWE-17