CVSS2: 5 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
EPSS: 0.055 (Low), percentile 93.3%
GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041.
GoAhead WebServer contains vulnerabilities in the way it handles file requests. By sending the web server a specially crafted URL, an attacker may be able to view the source files containing sensitive information or bypass authentication. GoAhead WebServer has a history of source file disclosure vulnerabilities.
An attacker may be able to view any file on the web server, including files that contain sensitive information like usernames and passwords. An attacker may also be able to bypass authentication for protected files.
Release notes for GoAhead WebServer 2.1.8 indicate that these vulnerabilities have been addressed. GoAhead WebServer is not being actively maintained. Vendors who redistribute GoAhead WebServer or include it in other products may release updates to address these vulnerabilities. Vendors who have modified GoAhead WebServer may or may not be affected. See the Systems Affected section below for more information.
GoAhead WebServer 2.1.8 on the Microsoft Windows platform remains vulnerable to source file disclosure.
Restrict access
To reduce exposure to these vulnerabilities, restrict network access to vulnerable systems.
124059
Updated: June 22, 2010
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518> for more information…
Updated: December 29, 2009
Affected
Please refer to our KnowledgeBase article for more information on this issue. It can be found here:
This article will be updated as information becomes available.
The vendor has not provided us with any further information regarding this vulnerability.
Thanks to Daniel Peck of Digital Bond, Inc. for reporting this issue.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2002-1603 |
---|---|
Severity Metric: | 0.06 |
Date Public: | |
aluigi.altervista.org/adv/goahead-adv3.txt
cve.mitre.org/cgi-bin/cvekey.cgi?keyword=goahead+web+server
data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
rockwellautomation.custhelp.com/app/answers/detail/a_id/57729
www.ab.com/networks/architectures.html
www.exploit-db.com/exploits/12815/
www.kb.cert.org/vuls/id/975041
www.nerc.com/fileUploads/File/Events%20Analysis/A-2009-02-13-01.pdf