Описание
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- Release Notes
- ExploitThird Party Advisory
- Third Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.1 (исключая)
cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00533
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
github
больше 3 лет назад
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
EPSS
Процентиль: 67%
0.00533
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-787