CVE-2017-14149

Published Sep 5, 2017

Last updated 7 years ago

CVSS high 7.5

Overview

Description: GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26DE3222-0FA8-49DE-8E94-AB3BC8816F9B"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60001CE1-A452-49B4-9C27-D892B91078F0"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCE3F237-3B0B-40B5-A3E3-E468883D6DFE"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CAEAA94-A8FB-4D32-9D8A-E06F2F548FD7"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83B7280F-4FBF-4451-BAAF-E90068CDAB9B"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F168E900-DFA1-4D9C-AD08-9A1B876C6DDC"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78418AE8-D5B3-4771-BFFD-DC28BBC42B1F"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF3BB240-A988-497F-82CE-F99C8438F0B1"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14B89AAB-1CBF-4862-A7AC-9DDEF026646D"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05918B61-7E62-40BA-9EF3-FB4DD2EC3BF1"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD5EE6D-A498-4C35-81F7-684E30845E44"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "801889A1-C61C-4CC9-8B2A-46CF4E246978"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AF17ED0-EFA5-407E-9CCC-15543C2D194C"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BACEEDBF-0C89-46E7-9A00-9C4BD61DAE7E"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A7EE03C-294B-485E-9CA4-5E0714A2939C"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8EBF002-17C3-4AD5-BDC3-B7643BEA5173"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34B4E67D-5883-43A5-85B2-1E8D8D157F54"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACF0D5BD-F1C0-4DA0-9BC2-AE8DA03F2204"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F2A0A7F-8516-4405-A8C8-B862E59DEAC2"
          },
          {
            "criteria": "cpe:2.3:a:embedthis:goahead:3.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81A1B366-C737-43F7-A391-C28C434026C9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References