ID

VAR-201912-0788


CVE

CVE-2019-5097


TITLE

Infinite loop vulnerability in GoAhead web server applications

Trust: 0.8

sources: JVNDB: JVNDB-2019-012622

DESCRIPTION

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server. GoAhead web server applications contain an infinite loop vulnerability. The service may be put into a denial-of-service (DoS) state. Embedthis Software GoAhead is an embedded web server from the American company Embedthis Software.

Trust: 1.8

sources: NVD: CVE-2019-5097 // JVNDB: JVNDB-2019-012622 // VULHUB: VHN-156532 // VULMON: CVE-2019-5097

AFFECTED PRODUCTS

vendor: embedthis, model: goahead, scope: eq, version: 5.0.1

Trust: 1.8

vendor: embedthis, model: goahead, scope: eq, version: 3.6.5

Trust: 1.8

vendor: embedthis, model: goahead, scope: eq, version: 4.1.1

Trust: 1.8

vendor: embedthis, model: goahead, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-012622 // NVD: CVE-2019-5097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5097
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5097
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5097
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-050
value: HIGH

Trust: 0.6

VULHUB: VHN-156532
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-5097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5097
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-156532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5097
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5097
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-5097
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-156532 // VULMON: CVE-2019-5097 // JVNDB: JVNDB-2019-012622 // CNNVD: CNNVD-201912-050 // NVD: CVE-2019-5097 // NVD: CVE-2019-5097

PROBLEMTYPE DATA

problemtype: CWE-835

Trust: 1.1

problemtype: infinite loop (CWE-835) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-156532 // JVNDB: JVNDB-2019-012622 // NVD: CVE-2019-5097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-050

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-050

PATCH

title: GoAhead, url: https://www.embedthis.com/goahead/

Trust: 0.8

title: Embedthis Software GoAhead Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=104256

Trust: 0.6

sources: JVNDB: JVNDB-2019-012622 // CNNVD: CNNVD-201912-050

EXTERNAL IDS

db: NVD, id: CVE-2019-5097

Trust: 3.4

db: TALOS, id: TALOS-2019-0889

Trust: 2.6

db: JVN, id: JVNVU93901424

Trust: 0.8

db: JVN, id: JVNVU98006842

Trust: 0.8

db: ICS CERT, id: ICSA-24-319-16

Trust: 0.8

db: JVNDB, id: JVNDB-2019-012622

Trust: 0.8

db: CNNVD, id: CNNVD-201912-050

Trust: 0.7

db: AUSCERT, id: ESB-2023.0511

Trust: 0.6

db: VULHUB, id: VHN-156532

Trust: 0.1

db: ICS CERT, id: ICSA-23-026-06

Trust: 0.1

db: VULMON, id: CVE-2019-5097

Trust: 0.1

sources: VULHUB: VHN-156532 // VULMON: CVE-2019-5097 // JVNDB: JVNDB-2019-012622 // CNNVD: CNNVD-201912-050 // NVD: CVE-2019-5097

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2019-0889

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5097

Trust: 1.4

url:https://jvn.jp/vu/jvnvu93901424/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98006842/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-16

Trust: 0.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2019-0889

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0511

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/835.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-06

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111098

Trust: 0.1

sources: VULHUB: VHN-156532 // VULMON: CVE-2019-5097 // JVNDB: JVNDB-2019-012622 // CNNVD: CNNVD-201912-050 // NVD: CVE-2019-5097

CREDITS

Discovered by a Cisco Talos researcher.

Trust: 0.6

sources: CNNVD: CNNVD-201912-050

SOURCES

db: VULHUB, id: VHN-156532
db: VULMON, id: CVE-2019-5097
db: JVNDB, id: JVNDB-2019-012622
db: CNNVD, id: CNNVD-201912-050
db: NVD, id: CVE-2019-5097

LAST UPDATE DATE

2024-11-23T22:25:39.675000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-156532, date: 2019-12-06T00:00:00
db: VULMON, id: CVE-2019-5097, date: 2022-06-17T00:00:00
db: JVNDB, id: JVNDB-2019-012622, date: 2024-11-18T05:32:00
db: CNNVD, id: CNNVD-201912-050, date: 2023-01-28T00:00:00
db: NVD, id: CVE-2019-5097, date: 2024-11-21T04:44:20.923

SOURCES RELEASE DATE

db: VULHUB, id: VHN-156532, date: 2019-12-03T00:00:00
db: VULMON, id: CVE-2019-5097, date: 2019-12-03T00:00:00
db: JVNDB, id: JVNDB-2019-012622, date: 2019-12-09T00:00:00
db: CNNVD, id: CNNVD-201912-050, date: 2019-12-02T00:00:00
db: NVD, id: CVE-2019-5097, date: 2019-12-03T22:15:14.900