GoAhead Web Server Multiple Vulnerabilities Security Advisory

Published: 2019-12-04

Vulnerability IDs and Severity


CVE ID: CVE-2019-5096; severity: Critical; CVSS score: vendor self-assessed 9.8, not yet officially rated

CVE ID: CVE-2019-5097; severity: Medium; CVSS score: vendor self-assessed 5.3, not yet officially rated


Affected Versions


GoAhead versions 5.0.1, 4.1.1 and 3.6.5


Vulnerability Overview


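GoAhead is an embedded web server from the US company Embedthis Software. It is offered in open-source and enterprise editions and is used in hundreds of millions of devices worldwide. A Shodan search found more than 1.3 million internet-connected systems.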


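Researchers on the Cisco Talos team found two vulnerabilities in the GoAhead web server. CVE-2019-5096 is related to the way multipart/form-data requests are processed. An unauthenticated attacker can exploit this weakness to trigger a use-after-free condition and execute arbitrary code on the server by sending a specially crafted HTTP request. CVE-2019-5097 can be used by an attacker to cause a denial-of-service condition.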


Vulnerability Verification


No PoC/EXP is available at this time.


Remediation


The vendor has released an upgrade patch that fixes the vulnerabilities. For details, see the vendor's home page: https://www.embedthis.com.


Reference Links


https://blog.talosintelligence.com/2019/12/vulnerability-spotlight-EmbedThis-GoAhead.html