Sign-up

ID

VAR-201712-0864


CVE

CVE-2017-17562


TITLE

Embedthis GoAhead Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011723

DESCRIPTION

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. Embedthis GoAhead Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Embedthis GoAhead is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Embedthis GoAhead is an embedded Web server of American Embedthis software company. A security vulnerability exists in versions of Embedthis GoAhead prior to 3.6.5

Trust: 2.07

sources: NVD: CVE-2017-17562 // JVNDB: JVNDB-2017-011723 // BID: 103913 // VULHUB: VHN-108597 // VULMON: CVE-2017-17562

AFFECTED PRODUCTS

vendor:embedthismodel:goaheadscope:ltversion:3.6.5

Trust: 1.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:4.0

Trust: 1.3

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.0

Trust: 1.3

vendor:embedthismodel:goaheadscope:eqversion:3.3.6

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.5

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.2

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.3

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.4

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.4.0

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.0.0

Trust: 0.6

vendor:embedthismodel:goaheadscope:eqversion:3.3.1

Trust: 0.6

vendor:embedthismodel:software goaheadscope:eqversion:3.6.4

Trust: 0.3

vendor:embedthismodel:software goaheadscope:neversion:3.6.5

Trust: 0.3

sources: BID: 103913 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407 // NVD: CVE-2017-17562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17562
value: HIGH

Trust: 1.0

NVD: CVE-2017-17562
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201712-407
value: HIGH

Trust: 0.6

VULHUB: VHN-108597
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-17562
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17562
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-108597
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17562
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-17562
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-108597 // VULMON: CVE-2017-17562 // JVNDB: JVNDB-2017-011723 // CNNVD: CNNVD-201712-407 // NVD: CVE-2017-17562

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-108597 // JVNDB: JVNDB-2017-011723 // NVD: CVE-2017-17562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-407

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 103913 // CNNVD: CNNVD-201712-407

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011723

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-108597 // 
            
            
            
            VULMON: CVE-2017-17562

PATCH
title:DEV: add CGI prefixesurl:https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74
Trust: 0.8
title:CGI environment variables need a prefix #249url:https://github.com/embedthis/goahead/issues/249
Trust: 0.8
title:Embedthis GoAhead Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77116
Trust: 0.6
title:Oracle: Oracle Critical Patch Update Advisory - April 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e
Trust: 0.1
title:CVE-2017-17562url:https://github.com/ivanitlearning/CVE-2017-17562 
Trust: 0.1
title:Goahead-CVE-2017-17562url:https://github.com/crispy-peppers/Goahead-CVE-2017-17562 
Trust: 0.1
title:GoAhead-cve---2017--17562url:https://github.com/cyberharsh/GoAhead-cve---2017--17562 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-17562 // 
            
            
            
            JVNDB: JVNDB-2017-011723 // 
            
            
            
            CNNVD: CNNVD-201712-407

EXTERNAL IDS
db:NVDid:CVE-2017-17562
Trust: 2.9
db:EXPLOIT-DBid:43877
Trust: 1.1
db:EXPLOIT-DBid:43360
Trust: 1.1
db:SECTRACKid:1040702
Trust: 1.1
db:JVNDBid:JVNDB-2017-011723
Trust: 0.8
db:CNNVDid:CNNVD-201712-407
Trust: 0.7
db:ICS CERTid:ICSA-22-090-06
Trust: 0.6
db:BIDid:103913
Trust: 0.4
db:PACKETSTORMid:146061
Trust: 0.1
db:PACKETSTORMid:145471
Trust: 0.1
db:SEEBUGid:SSVID-96997
Trust: 0.1
db:VULHUBid:VHN-108597
Trust: 0.1
db:VULMONid:CVE-2017-17562
Trust: 0.1
sources:
            
            
            VULHUB: VHN-108597 // 
            
            
            
            VULMON: CVE-2017-17562 // 
            
            
            
            BID: 103913 // 
            
            
            
            JVNDB: JVNDB-2017-011723 // 
            
            
            
            CNNVD: CNNVD-201712-407 // 
            
            
            
            NVD: CVE-2017-17562

REFERENCES
url:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Trust: 1.4
url:https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74
Trust: 1.4
url:https://github.com/embedthis/goahead/issues/249
Trust: 1.4
url:https://www.exploit-db.com/exploits/43360/
Trust: 1.1
url:https://www.exploit-db.com/exploits/43877/
Trust: 1.1
url:https://github.com/elttam/advisories/tree/master/cve-2017-17562
Trust: 1.1
url:https://www.elttam.com.au/blog/goahead/
Trust: 1.1
url:http://www.securitytracker.com/id/1040702
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17562
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17562
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06
Trust: 0.6
url:http://embedthis.com/products/goahead/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-108597 // 
            
            
            
            BID: 103913 // 
            
            
            
            JVNDB: JVNDB-2017-011723 // 
            
            
            
            CNNVD: CNNVD-201712-407 // 
            
            
            
            NVD: CVE-2017-17562

CREDITS
Reid Wightman of Dragos reported these vulnerabilities to GE.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201712-407

SOURCES
db:VULHUBid:VHN-108597
db:VULMONid:CVE-2017-17562
db:BIDid:103913
db:JVNDBid:JVNDB-2017-011723
db:CNNVDid:CNNVD-201712-407
db:NVDid:CVE-2017-17562

LAST UPDATE DATE
2024-08-14T13:45:54.882000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-108597date:2018-04-20T00:00:00
db:VULMONid:CVE-2017-17562date:2018-04-20T00:00:00
db:BIDid:103913date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-011723date:2018-01-25T00:00:00
db:CNNVDid:CNNVD-201712-407date:2022-04-01T00:00:00
db:NVDid:CVE-2017-17562date:2024-07-24T16:51:59.797

SOURCES RELEASE DATE
db:VULHUBid:VHN-108597date:2017-12-12T00:00:00
db:VULMONid:CVE-2017-17562date:2017-12-12T00:00:00
db:BIDid:103913date:2017-12-12T00:00:00
db:JVNDBid:JVNDB-2017-011723date:2018-01-25T00:00:00
db:CNNVDid:CNNVD-201712-407date:2017-12-14T00:00:00
db:NVDid:CVE-2017-17562date:2017-12-12T19:29:00.207