Vulnerability Note VU#975041

GoAhead Web Server discloses source code of ASP files via crafted URL

Original Release date: 17 Dec 2002 | Last revised: 11 Jan 2010


An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.


The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [].


A remote attacker can gain access to sensitive information.


Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
GoAhead SoftwareUnknown-17 Dec 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to Steve Knight for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CVE-2002-1603
  • Date Public: 17 Dec 2002
  • Date First Published: 17 Dec 2002
  • Date Last Updated: 11 Jan 2010
  • Severity Metric: 1.91
  • Document Revision: 11


If you have feedback, comments, or additional information about this vulnerability, please send us email.