var-200202-0014
Vulnerability from variot
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. This issue is also referenced in VU#124059. GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041. A vulnerability in GoAhead WebServer may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append certain characters to the end of the URL in an HTTP request for a specific ASP file. As a result, GoAhead WebServer returns the contents of the requested ASP script file to the attacker instead of executing it. GoAhead WebServer is a small embedded web server from the American company Embedthis, designed to be embedded in a variety of devices and applications. The disclosed source code can give attackers information that helps them attack the system further. The affected-products data in this record marks version 2.1.8 as not affected, and the references include the vendor's 2.1.8 release notes entry for this bug.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200202-0014", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1.6" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.0" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", 
"version": "2.1.2" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1.1" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1.4" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1.5" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1.7" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1" }, { "model": "webserver", "scope": "eq", "trust": 1.6, "vendor": "goahead", "version": "2.1.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "goahead", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "automation controllogix 1756-enbt/a ethernet/ip bridge", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "0" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.7" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.6" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.5" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.4" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.3" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.2" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1.1" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.1" }, { "model": "software goahead webserver", "scope": "eq", "trust": 0.3, "vendor": "goahead", "version": "2.0" }, { "model": "software goahead webserver", "scope": "ne", "trust": 
0.3, "vendor": "goahead", "version": "2.1.8" } ], "sources": [ { "db": "CERT/CC", "id": "VU#124059" }, { "db": "BID", "id": "9239" }, { "db": "CNNVD", "id": "CNNVD-200202-008" }, { "db": "NVD", "id": "CVE-2002-1603" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Luigi Auriemma\u203b aluigi@pivx.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200202-008" } ], "trust": 0.6 }, "cve": "CVE-2002-1603", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2002-1603", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-5988", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", 
"version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2002-1603", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#975041", "trust": 0.8, "value": "1.91" }, { "author": "CARNEGIE MELLON", "id": "VU#124059", "trust": 0.8, "value": "0.06" }, { "author": "CNNVD", "id": "CNNVD-200202-008", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-5988", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#975041" }, { "db": "CERT/CC", "id": "VU#124059" }, { "db": "VULHUB", "id": "VHN-5988" }, { "db": "CNNVD", "id": "CNNVD-200202-008" }, { "db": "NVD", "id": "CVE-2002-1603" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. This issue is also referenced in VU#124059. GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041. A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. \nAn attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. 
Attackers can use this information to further attack the system", "sources": [ { "db": "NVD", "id": "CVE-2002-1603" }, { "db": "CERT/CC", "id": "VU#975041" }, { "db": "CERT/CC", "id": "VU#124059" }, { "db": "BID", "id": "9239" }, { "db": "VULHUB", "id": "VHN-5988" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-5988", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-5988" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#975041", "trust": 3.6 }, { "db": "CERT/CC", "id": "VU#124059", "trust": 2.8 }, { "db": "BID", "id": "9239", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2002-1603", "trust": 2.0 }, { "db": "SECUNIA", "id": "7741", "trust": 1.7 }, { "db": "OSVDB", "id": "13295", "trust": 1.7 }, { "db": "SECTRACK", "id": "1005820", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "12815", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200202-008", "trust": 0.7 }, { "db": "XF", "id": "10885", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "23446", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-77211", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-5988", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#975041" }, { "db": "CERT/CC", "id": "VU#124059" }, { "db": "VULHUB", "id": "VHN-5988" }, { "db": "BID", "id": "9239" }, { "db": "CNNVD", "id": "CNNVD-200202-008" }, { "db": "NVD", "id": "CVE-2002-1603" } ] }, "id": "VAR-200202-0014", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-5988" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T22:47:38.992000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-1603" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.3, "url": "http://data.goahead.com/software/webserver/2.1.8/release.htm#bug-with-urls-like-asp" }, { "trust": 4.3, "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt" }, { "trust": 3.8, "url": "http://www.kb.cert.org/vuls/id/975041" }, { "trust": 3.0, "url": "http://www.kb.cert.org/vuls/id/124059" }, { "trust": 3.0, "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729" }, { "trust": 2.9, "url": "http://www.procheckup.com/security_info/vuln_pr0213.html" }, { "trust": 2.7, "url": "http://www.securityfocus.com/bid/9239" }, { "trust": 2.7, "url": "http://www.kb.cert.org/vuls/id/rgii-7mwkz3" }, { "trust": 2.7, "url": "http://www.procheckup.com/pdfs/procheckup_vulns_2002.pdf" }, { "trust": 2.7, "url": "http://www.osvdb.org/13295" }, { "trust": 2.7, "url": "http://securitytracker.com/id?1005820" }, { "trust": 2.7, "url": "http://secunia.com/advisories/7741" }, { "trust": 2.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885" }, { "trust": 0.8, "url": "http://web.archive.org/web/20030110134751/http://www.procheckup.com/security_info/vuln_pr0213.html" }, { "trust": 0.8, "url": "http://www.ab.com/networks/architectures.html" }, { "trust": 
0.8, "url": "http://data.goahead.com/software/webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518" }, { "trust": 0.8, "url": "http://www.nerc.com/fileuploads/file/events%20analysis/a-2009-02-13-01.pdf" }, { "trust": 0.8, "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/57729" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=goahead+web+server" }, { "trust": 0.8, "url": "http://www.exploit-db.com/exploits/12815/" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/10885" }, { "trust": 0.3, "url": "http://www.goahead.com/webserver/webserver.htm" }, { "trust": 0.3, "url": "/archive/1/347805" } ], "sources": [ { "db": "CERT/CC", "id": "VU#975041" }, { "db": "CERT/CC", "id": "VU#124059" }, { "db": "VULHUB", "id": "VHN-5988" }, { "db": "BID", "id": "9239" }, { "db": "CNNVD", "id": "CNNVD-200202-008" }, { "db": "NVD", "id": "CVE-2002-1603" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#975041" }, { "db": "CERT/CC", "id": "VU#124059" }, { "db": "VULHUB", "id": "VHN-5988" }, { "db": "BID", "id": "9239" }, { "db": "CNNVD", "id": "CNNVD-200202-008" }, { "db": "NVD", "id": "CVE-2002-1603" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-12-17T00:00:00", "db": "CERT/CC", "id": "VU#975041" }, { "date": "2009-02-05T00:00:00", "db": "CERT/CC", "id": "VU#124059" }, { "date": "2002-02-13T00:00:00", "db": "VULHUB", "id": "VHN-5988" }, { "date": "2003-12-17T00:00:00", "db": "BID", "id": "9239" }, { "date": "2002-02-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200202-008" }, { "date": "2002-02-13T05:00:00", "db": "NVD", "id": "CVE-2002-1603" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-01-11T00:00:00", "db": "CERT/CC", "id": "VU#975041" }, { "date": "2010-06-22T00:00:00", "db": "CERT/CC", "id": "VU#124059" }, { "date": "2017-07-11T00:00:00", "db": "VULHUB", "id": "VHN-5988" }, { "date": "2009-02-19T21:47:00", "db": "BID", "id": "9239" }, { "date": "2009-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200202-008" }, { "date": "2024-11-20T23:41:41.983000", "db": "NVD", "id": "CVE-2002-1603" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200202-008" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GoAhead Web Server discloses source code of ASP files via crafted URL", "sources": [ { "db": "CERT/CC", "id": "VU#975041" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200202-008" } ], "trust": 0.6 } }