Lucene search

[email protected]CVE-2002-2429

HistoryFeb 06, 2009 - 7:30 p.m.

CVE-2002-2429

2009-02-0619:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2002-2429

goahead webserver

denial of service

remote attackers

http

nvd

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.9%

JSON

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.

CPENameOperatorVersion
goahead:goahead_webservergoahead goahead webservereq2.0
goahead:goahead_webservergoahead goahead webservereq2.1.2
goahead:goahead_webservergoahead goahead webservereq2.1.1
goahead:goahead_webservergoahead goahead webservereq2.1
goahead:goahead_webservergoahead goahead webserverle2.1.3

CPE	Name	Operator	Version
goahead:goahead_webserver	goahead goahead webserver	eq	2.0
goahead:goahead_webserver	goahead goahead webserver	eq	2.1.2
goahead:goahead_webserver	goahead goahead webserver	eq	2.1.1
goahead:goahead_webserver	goahead goahead webserver	eq	2.1
goahead:goahead_webserver	goahead goahead webserver	le	2.1.3

References

data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for CVE-2002-2429

cvelist1