CVE-2019-12160 – CVE-2019-12160 is a use-after-free vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2019-12160?

CVE-2019-12160 has a CVSS score of 9.8 (CRITICAL). CVE-2019-12160 is a use-after-free vulnerability in GoHTTP's sendHeader function that allows attackers to execute arbitrary code or cause denial of service. This affects systems running GoHTTP web server software through version 2017-07-25. Attackers can exploit this remotely without authentication.

📋 TL;DR

CVE-2019-12160 is a use-after-free vulnerability in GoHTTP's sendHeader function that allows attackers to execute arbitrary code or cause denial of service. This affects systems running GoHTTP web server software through version 2017-07-25. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:

GoHTTP

Versions: All versions through 2017-07-25

Operating Systems: All platforms running GoHTTP

Default Config Vulnerable: ⚠️ Yes

Notes: Any system running GoHTTP web server with the vulnerable code is affected regardless of configuration.

📦 What is this software?

Gohttp by Gohttp Project

View all CVEs affecting Gohttp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Denial of service causing service disruption and potential system crashes.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations like ASLR.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication on exposed web servers.

🏢 Internal Only: MEDIUM - Internal systems could still be exploited by authenticated attackers or through lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

The GitHub issue contains technical details that could be used to develop exploits. Use-after-free vulnerabilities typically require some expertise to weaponize reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2017-07-25

Vendor Advisory: https://github.com/fekberg/GoHttp/issues/15

Restart Required: Yes

Instructions:

1. Stop the GoHTTP service. 2. Update to the latest version from the official repository. 3. Restart the GoHTTP service. 4. Verify the version is newer than 2017-07-25.

🔧 Temporary Workarounds

Disable GoHTTP Service

linux

Stop and disable the GoHTTP web server to prevent exploitation.

sudo systemctl stop gohttp
sudo systemctl disable gohttp

Network Segmentation

linux

Restrict network access to GoHTTP servers using firewall rules.

iptables -A INPUT -p tcp --dport [GOHTTP_PORT] -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit exposure to trusted sources only.
Deploy exploit mitigation technologies like ASLR and DEP if supported by the platform.

🔍 How to Verify

Check if Vulnerable:

Check the GoHTTP version. If it's 2017-07-25 or older, it's vulnerable.

Check Version:

Check the GoHTTP binary or service output for version information, or examine the installation date.

Verify Fix Applied:

Verify the GoHTTP version is newer than 2017-07-25 and test the service functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual process crashes
Memory access violation errors
Abnormal HTTP request patterns

Network Indicators:

Exploit traffic patterns targeting GoHTTP ports
Unusual outbound connections from GoHTTP servers

SIEM Query:

source="gohttp.log" AND (error="segmentation fault" OR error="access violation")

📊 Metadata

CVE ID: CVE-2019-12160

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 17, 2019

Last Updated: November 21, 2024

🔗 References

https://github.com/fekberg/GoHttp/issues/15 Exploit,Third Party Advisory
https://github.com/fekberg/GoHttp/issues/15 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-12160, you might also want to check these: