漏洞类别:CGI
漏洞等级: 
漏洞信息
The GoAhead Embedded Web Server is a web server which is used by many embedded devices worldwide.
GoAhead is exposed to a remote code execution vulnerability.
Affected Versions:
GoAhead web server prior to 3.6.5
QID Detection Logic:
This QID sends a proof of concept share module to "/cgi-bin/cgitest" and "/cgi-bin/index.cgi". Vulnerable target will return "qualysrce:" in the respond HTTP header
漏洞危害
An unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the system.
解决方案
Update to goahead 3.6.5 or later
Patch:
Following are links for downloading patches to fix the vulnerabilities:
上一篇:CVE-2017-12243
0daybank
文章评论