NULL Pointer Dereference Vulnerability in GoAhead Web Server Software
CVE-2017-14149

7.5HIGH

Key Information:

Vendor: Embedthis
Status: Goahead
Vendor: CVE Published:; 5 September 2017

What is CVE-2017-14149?

The GoAhead Web Server versions 3.4.0 to 3.6.5 are susceptible to a NULL Pointer Dereference vulnerability within the websDecodeUrl function located in http.c. This flaw can be exploited through a specially crafted HTTP POST request. An attacker could trigger this vulnerability, resulting in the server crashing and leading to potential service interruptions. Users of affected GoAhead versions are advised to apply patches or upgrade their installations to mitigate this risk.

References

https://github.com/shadow4u/goaheaddebug/blob/master/READ...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 5, 2017

Embedthis

What is CVE-2017-14149?

References

CVSS V3.1

Timeline