GoAhead web ·þÎñÆ÷¶à¸ö·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-12-04

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-5096£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-5097£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º5.3£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


GoAhead 5.0.1°æ±¾¡¢4.1.1°æ±¾ºÍ3.6.5°æ±¾


·ì϶¸ÅÊö


GoAheadÊÇÃÀ¹úEmbedthis Software¹«Ë¾µÄÒ»¿îǶÈëʽWeb·þÎñÆ÷£¬Ìṩ¿ªÔ´ºÍÆóÒµ°æ±¾£¬ÓÃÓÚÈ«ÇòÊýÒŲ́É豸ÖС£Shodan ËÑË÷·¢ÏÖÁ˳¬¹ý130Íò¸öÁªÍøϵͳ¡£


˼¿Æ Talos ÍŶӵÄ×êÑÐÔ±ÔÚGoAhead web ·þÎñÆ÷Öз¢ÏÖÁËÁ½¸ö·ì϶£¬CVE-2019-5096ºÍ¶à²¿ÃÅ/±íµ¥Êý¾ÝÒªÇóµÄ´¦Ö÷½Ê½ÓйØ¡£Î´ÈÏÖ¤¹¥»÷Õß¿ÉÄÜÀûÓøÃÈõµã´¥·¢¿ªÊͺóʹÓÃÇ°ÌᲢͨ¹ý·¢ËÍÌØÊâ»ú¹ØµÄ HTTP ÒªÇóµÄ·½Ê½ÔÚ·þÎñÆ÷ÉÏÖ´ÐÐËÁÒâ´úÂë¡£CVE-2019-5097£¬¿É±»¹¥»÷ÕßÓÃÓÚÒý·¢»Ø¾ø·þÎñÇ°Ìá¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬ÏêÇéÇë¹Ø×¢³§ÉÌÖ÷Ò³£ºhttps://www.embedthis.com¡£


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-EmbedThis-GoAhead.html