GoAhead Embedded Web Server websNormalizeUriPath() Directory Traversal Vulnerability
High Nessus Plugin ID 82566
SynopsisThe remote device is affected by a directory traversal vulnerability.
DescriptionThe remote GoAhead embedded web server is affected by a directory traversal vulnerability due to a flaw in the websNormalizeUriPath() function. A remote, unauthenticated attacker can exploit this flaw to obtain arbitrary files on the affected host.
The flaw that allows the directory traversal may also be used to perform a heap-based buffer overflow, potentially allowing code execution or a denial of service condition.
SolutionContact the vendor of the device running the GoAhead embedded web server for a fixed version.