GoAhead WebServer Directory Traversal

2004-01-20T07:25:56
ID OSVDB:3694
Type osvdb
Reporter OSVDB
Modified 2004-01-20T07:25:56

Description

Vulnerability Description

GoAhead WebServer contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the HTTP daemon receives deliberately malformed HTTP requests targeting //server/cgi-bin or //server/asp.asp, which discloses the source code of the targeted server script.

Solution Description

Upgrade to version 2.1.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the workaround given in the altervista.org advisory referenced below.

References:

Secunia Advisory ID: 10678
Secunia Advisory ID: 7741
Other Advisory URL: http://aluigi.altervista.org/adv/goahead-adv2.txt
Other Advisory URL: http://aluigi.altervista.org/adv/goahead-adv3.txt
Other Advisory URL: http://www.westpoint.ltd.uk/advisories/wp-02-0001.txt
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0022.html
ISS X-Force ID: 6046
ISS X-Force ID: 9519
CVE-2002-0680
CVE-2001-0228
Bugtraq ID: 5197
Bugtraq ID: 9239