VDB
CVE-2019-5097
CVE-2019-5097
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.
EPSS 7.28% · 91.8th percentile
Risk Scores
CVSS 3.0
5.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
7.28%
91.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | EmbedThis | * |
| embedthis | goahead | 3.6.5, 4.1.1, 5.0.1 |
Exploit Intelligence
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889 (nist-nvd)
- CIRCL seen: CVE-2019-5097 (circl-sighting)
Timeline
- Dec 2, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score