8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD
Description
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
Affected (3)
Products: Embedthis: Goahead · Oracle: Integrated Lights Out Manager
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.0 |
References (17)
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkPatchThird Party Advisory
Source: cve@mitre.org
Broken LinkIssue TrackingThird Party Advisory
Source: cve@mitre.org
Broken LinkExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Timeline
No history available yet.