Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). […]