QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9707

Published: Mar 31, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/embedthis/goahead/issues/106

x_refsource_CONFIRM

20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1

mailing-list

x_refsource_FULLDISC

https://github.com/embedthis/goahead/commit/eed4a7d177bf94a54c7b06ccce88507fbd76fb77

x_refsource_CONFIRM

http://packetstormsecurity.com/files/131156/GoAhead-3.4.1-Heap-Overflow-Traversal.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.