Goahead Webserver Security Vulnerabilities and Issues — Goahead Webserver CVE List

Lucene search

GoaheadGoahead Webserver

9 matches found

CVE•added 2009/02/06 7:30 p.m.•76 views

CVE-2002-2431

Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.

7.5CVSS6.9AI score0.00423EPSS

CVE•added 2009/02/06 7:30 p.m.•52 views

CVE-2002-2427

The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.

5CVSS6.8AI score0.31103EPSS

CVE•added 2009/02/06 7:30 p.m.•44 views

CVE-2002-2430

GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.

5CVSS6.9AI score0.00436EPSS

CVE•added 2011/12/27 6:55 p.m.•40 views

CVE-2009-5111

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

5CVSS6.7AI score0.00436EPSS

CVE•added 2011/11/03 10:55 a.m.•38 views

CVE-2011-4273

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) us...

4.3CVSS5.8AI score0.01683EPSS

CVE•added 2009/02/06 7:30 p.m.•37 views

CVE-2002-2428

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.

5CVSS6.9AI score0.00436EPSS

CVE•added 2009/02/06 7:30 p.m.•37 views

CVE-2003-1569

GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.

5CVSS6.8AI score0.06714EPSS

CVE•added 2009/02/06 7:30 p.m.•34 views

CVE-2003-1568

GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.

5CVSS7AI score0.00436EPSS

CVE•added 2009/02/06 7:30 p.m.•31 views

CVE-2002-2429

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.

5CVSS6.9AI score0.00436EPSS