ID

VAR-201712-0864


CVE

CVE-2017-17562


TITLE

Embedthis GoAhead Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011723

DESCRIPTION

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. Embedthis GoAhead Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Embedthis GoAhead is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Embedthis GoAhead is an embedded Web server of American Embedthis software company. A security vulnerability exists in versions of Embedthis GoAhead prior to 3.6.5

Trust: 2.07

sources: NVD: CVE-2017-17562 // JVNDB: JVNDB-2017-011723 // BID: 103913 // VULHUB: VHN-108597 // VULMON: CVE-2017-17562

AFFECTED PRODUCTS

vendor:embedthismodel:goaheadscope:ltversion:3.6.5

Trust: 1.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:4.0

Trust: 1.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 1.3

vendor:embedthismodel:goaheadscope:eqversion:3.3.6

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.5

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.2

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.3

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.4

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.4.0

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.0.0

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.1

Trust: 0.6

vendor:embedthismodel:software goaheadscope:eqversion:3.6.4

Trust: 0.3

vendor:embedthismodel:software goaheadscope:neversion:3.6.5

Trust: 0.3

sources: BID: 103913 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407 // NVD: CVE-2017-17562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17562
value: HIGH

Trust: 1.0

NVD: CVE-2017-17562
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201712-407
value: HIGH

Trust: 0.6

VULHUB: VHN-108597
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17562
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17562
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-108597
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17562
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-17562
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-108597 // VULMON: CVE-2017-17562 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407 // NVD: CVE-2017-17562

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-108597 // JVNDB: JVNDB-2017-011723 // NVD: CVE-2017-17562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-407

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 103913 // CNNVD: CNNVD-201712-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011723

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-108597 // VULMON: CVE-2017-17562

PATCH

title:DEV: add CGI prefixesurl:https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74

Trust: 0.8

title:CGI environment variables need a prefix #249url:https://github.com/embedthis/goahead/issues/249

Trust: 0.8

title:Embedthis GoAhead Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77116

Trust: 0.6

title:Oracle: Oracle Critical Patch Update Advisory - April 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e

Trust: 0.1

title:CVE-2017-17562url:https://github.com/ivanitlearning/CVE-2017-17562

Trust: 0.1

title:Goahead-CVE-2017-17562url:https://github.com/crispy-peppers/Goahead-CVE-2017-17562

Trust: 0.1

title:GoAhead-cve---2017--17562url:https://github.com/cyberharsh/GoAhead-cve---2017--17562

Trust: 0.1

sources: VULMON: CVE-2017-17562 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407

EXTERNAL IDS

db:NVDid:CVE-2017-17562

Trust: 2.9

db:EXPLOIT-DBid:43877

Trust: 1.1

db:EXPLOIT-DBid:43360

Trust: 1.1

db:SECTRACKid:1040702

Trust: 1.1

db:JVNDBid:JVNDB-2017-011723

Trust: 0.8

db:CNNVDid:CNNVD-201712-407

Trust: 0.7

db:ICS CERTid:ICSA-22-090-06

Trust: 0.6

db:BIDid:103913

Trust: 0.4

db:PACKETSTORMid:146061

Trust: 0.1

db:PACKETSTORMid:145471

Trust: 0.1

db:SEEBUGid:SSVID-96997

Trust: 0.1

db:VULHUBid:VHN-108597

Trust: 0.1

db:VULMONid:CVE-2017-17562

Trust: 0.1

sources: VULHUB: VHN-108597 // VULMON: CVE-2017-17562 // BID: 103913 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407 // NVD: CVE-2017-17562

REFERENCES

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Trust: 1.4

url:https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74

Trust: 1.4

url:https://github.com/embedthis/goahead/issues/249

Trust: 1.4

url:https://www.exploit-db.com/exploits/43360/

Trust: 1.1

url:https://www.exploit-db.com/exploits/43877/

Trust: 1.1

url:https://github.com/elttam/advisories/tree/master/cve-2017-17562

Trust: 1.1

url:https://www.elttam.com.au/blog/goahead/

Trust: 1.1

url:http://www.securitytracker.com/id/1040702

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17562

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-17562

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06

Trust: 0.6

url:http://embedthis.com/products/goahead/

Trust: 0.3

sources: VULHUB: VHN-108597 // BID: 103913 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407 // NVD: CVE-2017-17562

CREDITS

Reid Wightman of Dragos reported these vulnerabilities to GE.

Trust: 0.6

sources: CNNVD: CNNVD-201712-407

SOURCES

db:VULHUBid:VHN-108597
db:VULMONid:CVE-2017-17562
db:BIDid:103913
db:JVNDBid:JVNDB-2017-011723
db:CNNVDid:CNNVD-201712-407
db:NVDid:CVE-2017-17562

LAST UPDATE DATE

2024-11-23T21:53:15.038000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-108597date:2018-04-20T00:00:00
db:VULMONid:CVE-2017-17562date:2018-04-20T00:00:00
db:BIDid:103913date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-011723date:2018-01-25T00:00:00
db:CNNVDid:CNNVD-201712-407date:2022-04-01T00:00:00
db:NVDid:CVE-2017-17562date:2024-11-21T03:18:10.290

SOURCES RELEASE DATE

db:VULHUBid:VHN-108597date:2017-12-12T00:00:00
db:VULMONid:CVE-2017-17562date:2017-12-12T00:00:00
db:BIDid:103913date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-011723date:2018-01-25T00:00:00
db:CNNVDid:CNNVD-201712-407date:2017-12-14T00:00:00
db:NVDid:CVE-2017-17562date:2017-12-12T19:29:00.207