CVE-2019-5097

Summary

CVE	CVE-2019-5097
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-12-03 22:15:00 UTC
Updated	2022-06-17 13:34:00 UTC
Description	A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

Risk And Classification

Problem Types: CWE-835

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Embedthis	Goahead	3.6.5	All	All	All
Application	Embedthis	Goahead	4.1.1	All	All	All
Application	Embedthis	Goahead	5.0.1	All	All	All
Application	Embedthis	Goahead	3.6.5	All	All	All
Application	Embedthis	Goahead	4.1.1	All	All	All
Application	Embedthis	Goahead	5.0.1	All	All	All

References

Reference	Source	Link	Tags
TALOS-2019-0889 \|\| Cisco Talos Intelligence Group - Comprehensive Threat Intelligence	MISC	talosintelligence.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590961 Rockwell Automation 1783-NATR Multiple Vulnerabilities (PN1580)