Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)
A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). This behavior, when combined with […]