|
|
|
Vulnerability Note VU#975041
GoAhead Web Server discloses source code of ASP files via crafted URL
OverviewAn input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.
I. DescriptionThe GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org].II. ImpactA remote attacker can gain access to sensitive information.III. SolutionRelease notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed.Systems Affected
References
http://www.procheckup.com/security_info/vuln_pr0213.html
http://web.archive.org/web/20030110134751/http://www.procheckup.com/security_info/vuln_pr0213.html
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
http://aluigi.altervista.org/adv/goahead-adv3.txt
Credit
Thanks to Steve Knight for reporting this vulnerability.
This document was written by Ian A Finlay.
Other Information
| Date Public | 12/17/2002 |
| Date First Published | 12/17/2002 09:36:02 AM |
| Date Last Updated | 01/11/2010 |
| CERT Advisory | |
| CVE Name | CVE-2002-1603 |
| Metric | 1.91 |
| Document Revision | 11 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
