CVE-2019-16645 — Vulnetix

CVE-2019-16645 PUBLISHED

Reported by mitre · Published September 20, 2019

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Exploit Intelligence

https://github.com/Ramikan/Vulnerabilities/blob/master/GoAhead%20Web%20server%20HTTP%20Header%20Injection (nist-nvd)
GoAhead 2.5.0 - Host Header Injection Vulnerability (0day-today)

Timeline

Sep 20, 2019 CVE Published
Sep 30, 2019 PoC Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

x_refsource_MISC
x_refsource_MISC

Open in Interactive Console →