Lucene search

K
certCERTVU:975041
HistoryDec 17, 2002 - 12:00 a.m.

GoAhead Web Server discloses source code of ASP files via crafted URL

2002-12-1700:00:00
www.kb.cert.org
97

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.055 Low

EPSS

Percentile

93.3%

Overview

An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.

Description

The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org].


Impact

A remote attacker can gain access to sensitive information.


Solution

Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed.


Vendor Information

975041

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

GoAhead Software Unknown

Updated: December 17, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23975041 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Steve Knight for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1603
Severity Metric: 1.91 Date Public:

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.055 Low

EPSS

Percentile

93.3%