{"api_version":"1","generated_at":"2026-04-23T05:57:16+00:00","cve":"CVE-2017-17562","urls":{"html":"https://cve.report/CVE-2017-17562","api":"https://cve.report/api/cve/CVE-2017-17562.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-17562","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-17562"},"summary":{"title":"CVE-2017-17562","description":"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-12-12 19:29:00","updated_at":"2026-04-21 18:00:30"},"problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://github.com/elttam/advisories/tree/master/CVE-2017-17562","name":"https://github.com/elttam/advisories/tree/master/CVE-2017-17562","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"],"title":"advisories/CVE-2017-17562 at master · elttam/advisories · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/embedthis/goahead/issues/249","name":"https://github.com/embedthis/goahead/issues/249","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Issue Tracking","Third Party Advisory"],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-17562","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-17562","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74","name":"https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Patch","Third Party Advisory"],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://www.elttam.com.au/blog/goahead/","name":"https://www.elttam.com.au/blog/goahead/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Patch","Third Party Advisory"],"title":"elttam - Remote LD_PRELOAD Exploitation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/43877/","name":"https://www.exploit-db.com/exploits/43877/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) - Multiple remote Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1040702","name":"http://www.securitytracker.com/id/1040702","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Solaris Multiple Flaws Let Remote and Local Users Deny Service, Remote and Local Users Access Data, Remote Authenticated Users Gain Elevated Privileges, and Remote Authenticated and Local Users Modify Data - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/43360/","name":"https://www.exploit-db.com/exploits/43360/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution - Linux remote Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update - April 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-17562","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17562","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2021-12-10T00:00:00.000Z","lang":"en","value":"CVE-2017-17562 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"17562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"embedthis","cpe5":"goahead","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"integrated_lights_out_manager","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"17562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"integrated_lights_out_manager","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2017","cve_id":"17562","cve":"CVE-2017-17562","vendorProject":"Embedthis","product":"GoAhead","vulnerabilityName":"Embedthis GoAhead Remote Code Execution Vulnerability","dateAdded":"2021-12-10","shortDescription":"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-06-10","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2017-17562","cwes":"CWE-20","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:11"},"epss":{"cve_year":"2017","cve_id":"17562","cve":"CVE-2017-17562","epss":"0.943120000","percentile":"0.999490000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:15"},"legacy_qids":[{"cve":"CVE-2017-17562","qid":"590949","title":"General Electric Renewable Energy MDS Radios Multiple Vulnerabilities (ICSA-22-090-06)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T20:51:32.399Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/elttam/advisories/tree/master/CVE-2017-17562"},{"name":"1040702","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1040702"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.elttam.com.au/blog/goahead/"},{"name":"43360","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/43360/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/embedthis/goahead/issues/249"},{"name":"43877","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/43877/"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2017-17562","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-04T20:55:58.575496Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2021-12-10","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-17562"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"description":"CWE-noinfo Not enough information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-21T23:45:57.300Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-17562"}],"timeline":[{"lang":"en","time":"2021-12-10T00:00:00.000Z","value":"CVE-2017-17562 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-12-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-04-19T01:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/elttam/advisories/tree/master/CVE-2017-17562"},{"name":"1040702","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1040702"},{"tags":["x_refsource_MISC"],"url":"https://www.elttam.com.au/blog/goahead/"},{"name":"43360","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/43360/"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"tags":["x_refsource_MISC"],"url":"https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"},{"tags":["x_refsource_MISC"],"url":"https://github.com/embedthis/goahead/issues/249"},{"name":"43877","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/43877/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-17562","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/elttam/advisories/tree/master/CVE-2017-17562","refsource":"MISC","url":"https://github.com/elttam/advisories/tree/master/CVE-2017-17562"},{"name":"1040702","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040702"},{"name":"https://www.elttam.com.au/blog/goahead/","refsource":"MISC","url":"https://www.elttam.com.au/blog/goahead/"},{"name":"43360","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/43360/"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"name":"https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74","refsource":"MISC","url":"https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"},{"name":"https://github.com/embedthis/goahead/issues/249","refsource":"MISC","url":"https://github.com/embedthis/goahead/issues/249"},{"name":"43877","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/43877/"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-17562","datePublished":"2017-12-12T19:00:00.000Z","dateReserved":"2017-12-12T00:00:00.000Z","dateUpdated":"2025-10-21T23:45:57.300Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-12-12 19:29:00","lastModifiedDate":"2026-04-21 18:00:30","problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.5","matchCriteriaId":"C4A4F059-2004-44EE-9E6D-2DD0EAB2C2EF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:integrated_lights_out_manager:3.0:*:*:*:*:*:*:*","matchCriteriaId":"DCB44C83-4B33-49BF-9610-90203176FD2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:integrated_lights_out_manager:4.0:*:*:*:*:*:*:*","matchCriteriaId":"8150F44B-7603-4F06-96B9-265B9BC5C751"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"17562","Ordinal":"1","Title":"CVE-2017-17562","CVE":"CVE-2017-17562","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"17562","Ordinal":"1","NoteData":"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.","Type":"Description","Title":"CVE-2017-17562"},{"CveYear":"2017","CveId":"17562","Ordinal":"2","NoteData":"2017-12-12","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"17562","Ordinal":"3","NoteData":"2018-04-18","Type":"Other","Title":"Modified"}]}}}