CPE-8A00617C-8810-46E8-84A9-5ED901492219 Detail

CPE Details

Embedthis GoAhead 4.0.0

Vendor

embedthis

Product

goahead

Version

4.0.0

Created

2019-06-17
10h24 +00:00

Modified

2019-06-17
10h24 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:embedthis:goahead:4.0.0:::::::*

Informations

Vendor

embedthis

Product

goahead

Version

4.0.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2021-43298	2022-01-25 18h11 +00:00	The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.	9.8	Critical
CVE-2021-42342	2021-10-14 03h08 +00:00	An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.	9.8	Critical
CVE-2020-15688	2020-07-23 10h32 +00:00	The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.	8.8	High
CVE-2019-19240	2019-11-22 17h46 +00:00	Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.	5.3	Medium
CVE-2019-12822	2019-06-14 11h06 +00:00	In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.	7.5	High
CVE-2018-15504	2018-08-17 22h00 +00:00	An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.	7.5	High
CVE-2018-15505	2018-08-17 22h00 +00:00	An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.	7.5	High
CVE-2017-1000471	2018-01-03 20h00 +00:00	EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.	9.8	Critical

Embedthis GoAhead 4.0.0

CPE Details

CPE Name: cpe:2.3:a:embedthis:goahead:4.0.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:embedthis:goahead:4.0.0:::::::*