Vulnerability Note VU#975041

GoAhead Web Server discloses source code of ASP files via crafted URL

Original Release date: 17 Dec 2002 | Last revised: 11 Jan 2010

Overview

An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.

Description

The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org].

Impact

A remote attacker can gain access to sensitive information.

Solution

Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
GoAhead SoftwareUnknown-17 Dec 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Steve Knight for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CVE-2002-1603
  • Date Public: 17 Dec 2002
  • Date First Published: 17 Dec 2002
  • Date Last Updated: 11 Jan 2010
  • Severity Metric: 1.91
  • Document Revision: 11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.