Details of VAR-201112-0004

ID

VAR-201112-0004

CVE

CVE-2009-5111

TITLE

GoAhead WebServer Service disruption in ( Stop daemon ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-003573

DESCRIPTION

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. GoAhead WebServer is prone to a denial-of-service vulnerability. An attacker can exploit this issue to consume all available sockets, resulting in a denial-of-service condition. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. This vulnerability has been confirmed in Slowloris

Trust: 1.98

sources: NVD: CVE-2009-5111 // JVNDB: JVNDB-2011-003573 // BID: 52445 // VULHUB: VHN-42557

AFFECTED PRODUCTS

vendor:	goahead	model:	webserver	scope:	-	version:	-	Trust: 1.4
vendor:	goahead	model:	webserver	scope:	eq	version:	*	Trust: 1.0
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1	Trust: 0.6
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.8	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.7	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.6	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.4	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.0	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.5	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.18	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	0	Trust: 0.3

sources: BID: 52445 // JVNDB: JVNDB-2011-003573 // CNNVD: CNNVD-201112-463 // NVD: CVE-2009-5111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-5111
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-5111
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201112-463
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42557
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-5111
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42557
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42557 // JVNDB: JVNDB-2011-003573 // CNNVD: CNNVD-201112-463 // NVD: CVE-2009-5111

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-42557 // JVNDB: JVNDB-2011-003573 // NVD: CVE-2009-5111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-463

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201112-463

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003573

PATCH

title:

Top Page

url:

http://www.goahead.com

Trust: 0.8

sources: JVNDB: JVNDB-2011-003573

EXTERNAL IDS

db:	NVD	id:	CVE-2009-5111	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-003573	Trust: 0.8
db:	CNNVD	id:	CNNVD-201112-463	Trust: 0.7
db:	BID	id:	52445	Trust: 0.4
db:	VULHUB	id:	VHN-42557	Trust: 0.1

sources: VULHUB: VHN-42557 // BID: 52445 // JVNDB: JVNDB-2011-003573 // CNNVD: CNNVD-201112-463 // NVD: CVE-2009-5111

REFERENCES

url:	http://ha.ckers.org/slowloris/	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5111	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5111	Trust: 0.8
url:	http://www.goahead.com/products/webserver/default.aspx	Trust: 0.3

sources: VULHUB: VHN-42557 // BID: 52445 // JVNDB: JVNDB-2011-003573 // CNNVD: CNNVD-201112-463 // NVD: CVE-2009-5111

CREDITS

RSnake

Trust: 0.3

sources: BID: 52445

SOURCES

db:	VULHUB	id:	VHN-42557
db:	BID	id:	52445
db:	JVNDB	id:	JVNDB-2011-003573
db:	CNNVD	id:	CNNVD-201112-463
db:	NVD	id:	CVE-2009-5111

LAST UPDATE DATE

2024-11-23T21:56:07.017000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42557	date:	2011-12-28T00:00:00
db:	BID	id:	52445	date:	2015-03-19T08:51:00
db:	JVNDB	id:	JVNDB-2011-003573	date:	2012-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201112-463	date:	2011-12-28T00:00:00
db:	NVD	id:	CVE-2009-5111	date:	2024-11-21T01:11:11.813

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42557	date:	2011-12-27T00:00:00
db:	BID	id:	52445	date:	2009-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2011-003573	date:	2012-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201112-463	date:	2011-12-28T00:00:00
db:	NVD	id:	CVE-2009-5111	date:	2011-12-27T18:55:01.047