CVE-2019-5096

Summary

CVE	CVE-2019-5096
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-12-03 22:15:00 UTC
Updated	2022-06-17 13:34:00 UTC
Description	An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Embedthis	Goahead	3.6.5	All	All	All
Application	Embedthis	Goahead	4.1.1	All	All	All
Application	Embedthis	Goahead	5.0.1	All	All	All
Application	Embedthis	Goahead	3.6.5	All	All	All
Application	Embedthis	Goahead	4.1.1	All	All	All
Application	Embedthis	Goahead	5.0.1	All	All	All

References

Reference	Source	Link	Tags
TALOS-2019-0888 \|\| Cisco Talos Intelligence Group - Comprehensive Threat Intelligence	MISC	talosintelligence.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590961 Rockwell Automation 1783-NATR Multiple Vulnerabilities (PN1580)