ID

VAR-202208-0557


CVE

CVE-2021-41615


TITLE

Embedthis Software, LLC GoAhead vulnerability regarding lack of entropy

Trust: 0.8

sources: JVNDB: JVNDB-2021-020145

DESCRIPTION

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected. GoAhead from Embedthis Software, LLC contains a vulnerability related to lack of entropy. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Embedthis Software GoAhead is an open source small embedded Web server from Embedthis Software in the United States. Embedthis Software GoAhead WebServer version 2.1.8 has a security vulnerability.

Trust: 1.71

sources: NVD: CVE-2021-41615 // JVNDB: JVNDB-2021-020145 // VULHUB: VHN-402768

AFFECTED PRODUCTS

vendor: embedthis, model: goahead, scope: eq, version: 2.1.8

Trust: 1.8

vendor: embedthis, model: goahead, scope: -, version: -

Trust: 0.8

vendor: embedthis, model: goahead, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-020145 // NVD: CVE-2021-41615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41615
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-41615
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202208-2477
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-41615
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-41615
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020145 // CNNVD: CNNVD-202208-2477 // NVD: CVE-2021-41615

PROBLEMTYPE DATA

problemtype:CWE-331

Trust: 1.1

problemtype: Lack of entropy (CWE-331) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-402768 // JVNDB: JVNDB-2021-020145 // NVD: CVE-2021-41615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2477

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202208-2477

PATCH

title: Embedthis Software GoAhead Fixing measures for security feature vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204226

Trust: 0.6

sources: CNNVD: CNNVD-202208-2477

EXTERNAL IDS

db: NVD, id: CVE-2021-41615

Trust: 3.3

db: ICS CERT, id: ICSA-23-129-02

Trust: 0.8

db: JVN, id: JVNVU92569237

Trust: 0.8

db: JVNDB, id: JVNDB-2021-020145

Trust: 0.8

db: CNNVD, id: CNNVD-202208-2477

Trust: 0.7

db: VULHUB, id: VHN-402768

Trust: 0.1

sources: VULHUB: VHN-402768 // JVNDB: JVNDB-2021-020145 // CNNVD: CNNVD-202208-2477 // NVD: CVE-2021-41615

REFERENCES

url:https://github.com/trenta3/goahead-versions/blob/master/2.1.8/230165webs218.tar.gz?raw=true

Trust: 2.5

url:https://devel.rtems.org/browser/rtems/cpukit/httpd/websda.c?rev=c1427d2758079f0e9dd6a8de1662d78e0d6bc4ca

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-41615

Trust: 1.4

url:https://jvn.jp/vu/jvnvu92569237/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-129-02

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-41615/

Trust: 0.6

sources: VULHUB: VHN-402768 // JVNDB: JVNDB-2021-020145 // CNNVD: CNNVD-202208-2477 // NVD: CVE-2021-41615

SOURCES

db: VULHUB, id: VHN-402768
db: JVNDB, id: JVNDB-2021-020145
db: CNNVD, id: CNNVD-202208-2477
db: NVD, id: CVE-2021-41615

LAST UPDATE DATE

2024-08-14T12:15:48.755000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-402768, date: 2022-08-12T00:00:00
db: JVNDB, id: JVNDB-2021-020145, date: 2023-09-19T08:11:00
db: CNNVD, id: CNNVD-202208-2477, date: 2022-08-15T00:00:00
db: NVD, id: CVE-2021-41615, date: 2022-08-12T15:02:53.073

SOURCES RELEASE DATE

db: VULHUB, id: VHN-402768, date: 2022-08-08T00:00:00
db: JVNDB, id: JVNDB-2021-020145, date: 2023-09-19T00:00:00
db: CNNVD, id: CNNVD-202208-2477, date: 2022-08-08T00:00:00
db: NVD, id: CVE-2021-41615, date: 2022-08-08T19:15:12.247