Sunday, April 18, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

December 4, 2019
in Internet Privacy
Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.

One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them.

You might also like

What are the different roles within cybersecurity?

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

The first vulnerability resides in the way multi-part/form-data requests are processed within the base GoAhead web server application, affecting GoAhead Web Server versions v5.0.1, v.4.1.1, and v3.6.5.

According to the researchers at Cisco Talos, while processing a specially crafted HTTP request, an attacker exploiting the vulnerability can cause use-after-free condition on the server and corrupt heap structures, leading to code execution attacks.

The second vulnerability, assigned as CVE-2019-5097, also resides in the same component of the GoAhead Web Server and can be exploited in the same way, but this one leads to denial-of-service attacks.

“A specially crafted HTTP request can lead to an infinite loop in the process (resulting in 100 percent CPU utilization). The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server,” the researchers say.

However, it’s not necessary that both vulnerabilities could be exploited in all embedded devices running the vulnerable versions of the GoAhead web server.

Web Application Firewall

That’s because, according to the researchers, since GoAhead is a customizable web application framework, companies implement the application according to their environment and requirements, due to which the flaws “may not be reachable on all builds.”

“Additionally, pages that require authentication do not allow access to the vulnerability without authentication as the authentication is handled before reaching the upload handler,” the researchers explain.

Talos researchers reported the two vulnerabilities to EmbedThis, the developer of the GoAhead Web Server application, in late August this year, and the vendor addressed the issues and released security patches two weeks ago.


Credit: The Hacker News By: noreply@blogger.com (Unknown)

Previous Post

Data related problems in machine learning: The data janitor returns

Next Post

New Zealand’s gun buyback scheme impacted by data breach, SAP to blame

Related Posts

What are the different roles within cybersecurity?
Internet Privacy

What are the different roles within cybersecurity?

April 18, 2021
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
Internet Privacy

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

April 17, 2021
22-Year-Old Charged With Hacking Water System and Endangering Lives
Internet Privacy

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

April 16, 2021
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Internet Privacy

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 16, 2021
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
Internet Privacy

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

April 16, 2021
Next Post
New Zealand’s gun buyback scheme impacted by data breach, SAP to blame

New Zealand’s gun buyback scheme impacted by data breach, SAP to blame

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

What are the different roles within cybersecurity?
Internet Privacy

What are the different roles within cybersecurity?

April 18, 2021
Machine Learning Technology May Help Decipher Biological Language of Cancer, Parkinson Disease
Machine Learning

Machine Learning Technology May Help Decipher Biological Language of Cancer, Parkinson Disease

April 17, 2021
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
Internet Privacy

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

April 17, 2021
10 Popular Must-Read Free eBooks on Machine Learning
Machine Learning

10 Popular Must-Read Free eBooks on Machine Learning

April 17, 2021
Security crucial as 5G connects more industries, devices
Internet Security

Security crucial as 5G connects more industries, devices

April 17, 2021
Relay Therapeutics pays $85M for startup with a new AI tech for drug discovery
Machine Learning

Relay Therapeutics pays $85M for startup with a new AI tech for drug discovery

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • What are the different roles within cybersecurity? April 18, 2021
  • Machine Learning Technology May Help Decipher Biological Language of Cancer, Parkinson Disease April 17, 2021
  • SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence April 17, 2021
  • 10 Popular Must-Read Free eBooks on Machine Learning April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates