What is CVE-2014-9707?

CVE-2014-9707 is a vulnerability in Embedthis Goahead, classified under CWE-17. Published 2015-03-31.

Is CVE-2014-9707 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Embedthis Goahead

CVE-2014-9707

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), o…

EPSS: 0.606 (98.3th percentile) — read the EPSS interpretation.

Affected products

Embedthis Goahead — versions 3.0.0, 3.3.1, 3.3.2
N/a — versions n/a

Weakness classification (CWE)

CWE-17

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM)
20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 (mailing-list, Exploit, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
1032208 (vdb-entry, x_refsource_SECTRACK)
20150328 Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2014-9707?: CVE-2014-9707 is a vulnerability in Embedthis Goahead, classified under CWE-17. Published 2015-03-31.
Is CVE-2014-9707 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.