CVE-2017-17562
HIGH KEV NUCLEIEmbedthis GoAhead <3.6.5 - Remote Code Execution
Title source: nucleiDescription
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
Exploits (9)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/43877
exploitdb
WORKING POC
VERIFIED
by Daniel Hodson · pythonremotelinux
https://www.exploit-db.com/exploits/43360
nomisec
WORKING POC
9 stars
by ivanitlearning · remote
https://github.com/ivanitlearning/CVE-2017-17562
nomisec
WORKING POC
7 stars
by nu11pointer · remote
https://github.com/nu11pointer/goahead-rce-exploit
nomisec
WORKING POC
1 stars
by joaomagfreitas · poc
https://github.com/joaomagfreitas/bash-CVE-2017-17562
nomisec
WORKING POC
by crispy-peppers · remote
https://github.com/crispy-peppers/Goahead-CVE-2017-17562
metasploit
WORKING POC
EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/goahead_ldpreload.rb
Nuclei Templates (1)
Embedthis GoAhead <3.6.5 - Remote Code Execution
HIGHby geeknik
Shodan:
cpe:"cpe:2.3:a:embedthis:goahead"
References (9)
Scores
CVSS v3
8.1
EPSS
0.9431
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-12-10
VulnCheck KEV
2020-12-14
InTheWild.io
2021-12-10
ENISA EUVD
EUVD-2017-8720
Status
published
Products (3)
embedthis/goahead
< 3.6.5
oracle/integrated_lights_out_manager
3.0
oracle/integrated_lights_out_manager
4.0
Published
Dec 12, 2017
KEV Added
Dec 10, 2021
Tracked Since
Feb 18, 2026