This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:HEADER:POST-BAD-HEADER
|
Severity |
Minor
|
Recommended |
Yes
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Post Bad Header Evasion
|
Release Date |
2020/01/05
|
Update Number |
3241
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Post Bad Header Evasion
This signature detects attempts to exploit a known vulnerability against EmbedThis GoAhead. A successful attack can lead to denial of service.
Extended Description
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
Affected Products
- Embedthis goahead -
- Embedthis goahead 2.1.5
- Embedthis goahead 2.1.8
- Embedthis goahead 2.5.0
- Embedthis goahead 3.0.0
- Embedthis goahead 3.1.0
- Embedthis goahead 3.1.1
- Embedthis goahead 3.1.2
- Embedthis goahead 3.1.3
- Embedthis goahead 3.3.0
- Embedthis goahead 3.3.1
- Embedthis goahead 3.3.2
- Embedthis goahead 3.3.3
- Embedthis goahead 3.3.4
- Embedthis goahead 3.3.5
- Embedthis goahead 3.3.6
- Embedthis goahead 3.4.0
- Embedthis goahead 3.4.1
- Embedthis goahead 3.4.10
- Embedthis goahead 3.4.11
- Embedthis goahead 3.4.12
- Embedthis goahead 3.4.2
- Embedthis goahead 3.4.3
- Embedthis goahead 3.4.4
- Embedthis goahead 3.4.5
- Embedthis goahead 3.4.6
- Embedthis goahead 3.4.7
- Embedthis goahead 3.4.8
- Embedthis goahead 3.4.9
- Embedthis goahead 3.5.0
- Embedthis goahead 3.6.0
- Embedthis goahead 3.6.1
- Embedthis goahead 3.6.2
- Embedthis goahead 3.6.3
- Embedthis goahead 3.6.4
- Embedthis goahead 3.6.5
- Embedthis goahead 4.0.0
- Embedthis goahead 4.0.1
- Embedthis goahead 4.0.2
- Embedthis goahead 4.1.0
- Embedthis goahead 5.0.0
References