MUST READ

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

 | 

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 

Cybercrime group accessed Google Law Enforcement Request System (LERS)

 | 

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

 | 

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

 | 

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

 | 

Fairmont Federal Credit Union 2023 data breach impacted 187K people

 | 

UK ICO finds students behind majority of school data breaches

 | 

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62

 | 

Talos experts found a critical RCE in GoAhead Web Server

Pierluigi Paganini December 04, 2019

Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw.

GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices. Searching for GoAhead installs exposed online with Shodan search engine, at the time of writing there are over 1.3 million installs.

GoAhead

The first vulnerability, tracked as CVE-2019-5096, is related to how multi-part/form-data requests are processed. The flaw could be exploited by an unauthenticated attacker to trigger a use-after-free condition and execute arbitrary code on the server by sending specially crafted HTTP requests.

“An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution.” reads the security advisory published by Talos. “The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.”

The security flaw has been assigned a CVSS score of 9.8.

The second vulnerability in the GoAhead web server found by Talos, tracked as CVE-2019-5097, can be exploited by an unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted HTTP requests.

“A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process.” continues the post. “The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.”

According to Talos, GoAhead versions 5.0.1, 4.1.1 and 3.6.5 are affected by the two vulnerabilities. Talos reported the flaws to EmbedThis in August, and the vendor addressed them on November 21.

In December 2017, experts from Elttam discovered a flaw in GoAhead tiny web server, tracked as CVE-2017-17562, that affects hundreds of thousands IoT devices. The flaw could be exploited to remotely execute malicious code on affected devices.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Hacking, GoAhead)

[adrotate banner=”5″]

[adrotate banner=”13″]

GoAhead Hacking hacking news Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini September 20, 2025
A cyberattack on Collins Aerospace disrupted operations at major European airports
Read more
Pierluigi Paganini September 20, 2025
CISA warns of malware deployed through Ivanti EPMM flaws
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A cyberattack on Collins Aerospace disrupted operations at major European airports

Hacking / September 20, 2025

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

Security / September 19, 2025

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

Security / September 19, 2025

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

Hacking / September 18, 2025

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

Data Breach / September 18, 2025