GoAhead Webserver Vulnerabilities (RTEMS <= 4.10.2)

Gedare Bloom gedare at rtems.org
Wed Oct 6 20:10:12 UTC 2021

Dear RTEMS Users,

It has come to our attention that the GoAhead Webserver (cpukit/httpd)
shipped in RTEMS versions <= 4.10.2 contains numerous security
vulnerabilities. Some of the publicly disclosed vulnerabilities can be
found at [1]. The webserver shipped is based on version 2.1.4 of
GoAhead. If you are using this webserver on fielded products, we
encourage you to update, and you can contact me for more information.
We discourage you from replying to this publicly archived mailing list
with any information about your product.

We are also working on establishing policies, procedures, and
processes for how we will deal with security-related vulnerabilities
within RTEMS and third-party components such as this one.

Gedare on behalf of RTEMS Maintainers

[1] https://www.cvedetails.com/vulnerability-list/vendor_id-1641/product_id-2833/Goahead-Goahead-Webserver.html

More information about the users mailing list