CVE-2019-5097

Опубликовано: 03 дек. 2019

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:embedthis:goahead:3.6.5:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:embedthis:goahead:5.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04865

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

GHSA-cj8r-mppq-qjm5

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 89%

0.04865

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835