MUST READ

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

Talos experts found a critical RCE in GoAhead Web Server

Pierluigi Paganini December 04, 2019

Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw.

GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices. Searching for GoAhead installs exposed online with Shodan search engine, at the time of writing there are over 1.3 million installs.

GoAhead

The first vulnerability, tracked as CVE-2019-5096, is related to how multi-part/form-data requests are processed. The flaw could be exploited by an unauthenticated attacker to trigger a use-after-free condition and execute arbitrary code on the server by sending specially crafted HTTP requests.

“An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution.” reads the security advisory published by Talos. “The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.”

The security flaw has been assigned a CVSS score of 9.8.

The second vulnerability in the GoAhead web server found by Talos, tracked as CVE-2019-5097, can be exploited by an unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted HTTP requests.

“A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process.” continues the post. “The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.”

According to Talos, GoAhead versions 5.0.1, 4.1.1 and 3.6.5 are affected by the two vulnerabilities. Talos reported the flaws to EmbedThis in August, and the vendor addressed them on November 21.

In December 2017, experts from Elttam discovered a flaw in GoAhead tiny web server, tracked as CVE-2017-17562, that affects hundreds of thousands IoT devices. The flaw could be exploited to remotely execute malicious code on affected devices.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Hacking, GoAhead)

[adrotate banner=”5″]

[adrotate banner=”13″]

GoAhead Hacking hacking news Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 20, 2025
Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more
Pierluigi Paganini July 20, 2025
Radiology Associates of Richmond data breach impacts 1.4 million people
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / July 20, 2025

Radiology Associates of Richmond data breach impacts 1.4 million people

Data Breach / July 20, 2025

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hacking / July 19, 2025

Authorities released free decryptor for Phobos and 8base ransomware

Malware / July 18, 2025

Anne Arundel Dermatology data breach impacts 1.9 million people

Data Breach / July 18, 2025