var-200207-0044
Vulnerability from variot
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems. GoAhead WebServer includes unsanitized requested URLs when displaying a 404 error page. An attacker may be able to trick a user into following a link which includes malicious script code, and executing the attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200207-0044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webserver",
"scope": "eq",
"trust": 1.6,
"vendor": "goahead",
"version": "2.1.2"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.6,
"vendor": "goahead",
"version": "2.1.4"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.6,
"vendor": "goahead",
"version": "2.1.1"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.6,
"vendor": "goahead",
"version": "2.1.5"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.6,
"vendor": "goahead",
"version": "2.1.3"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.6,
"vendor": "goahead",
"version": "2.1"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.5"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.4"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.3"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.2"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.1"
},
{
"model": "software goahead webserver",
"scope": "ne",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.6"
}
],
"sources": [
{
"db": "BID",
"id": "5198"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery credited to Matt Moore \u003cmatt@westpoint.ltd.uk\u003e.",
"sources": [
{
"db": "BID",
"id": "5198"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
}
],
"trust": 0.9
},
"cve": "CVE-2002-0681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0681",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5072",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0681",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200207-088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5072",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5072"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a \"404 not found\" message, which does not quote the script. A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems. \nGoAhead WebServer includes unsanitized requested URLs when displaying a 404 error page. An attacker may be able to trick a user into following a link which includes malicious script code, and executing the attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0681"
},
{
"db": "BID",
"id": "5198"
},
{
"db": "VULHUB",
"id": "VHN-5072"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5072",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5072"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5198",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0681",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "81099",
"trust": 1.1
},
{
"db": "VULNWATCH",
"id": "20020710 [VULNWATCH] WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "XF",
"id": "9518",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020710 WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21608",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75433",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5072",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5072"
},
{
"db": "BID",
"id": "5198"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"id": "VAR-200207-0044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5072"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T20:56:43.286000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/5198"
},
{
"trust": 2.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html"
},
{
"trust": 2.7,
"url": "http://www.iss.net/security_center/static/9518.php"
},
{
"trust": 2.1,
"url": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539"
},
{
"trust": 2.1,
"url": "http://osvdb.org/81099"
},
{
"trust": 2.0,
"url": "http://marc.info/?l=bugtraq\u0026m=102631742711795\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=102631742711795\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.goahead.com/webserver/webserver.htm"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=102631742711795\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5072"
},
{
"db": "BID",
"id": "5198"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5072"
},
{
"db": "BID",
"id": "5198"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-5072"
},
{
"date": "2002-07-10T00:00:00",
"db": "BID",
"id": "5198"
},
{
"date": "2002-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"date": "2002-07-23T04:00:00",
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-5072"
},
{
"date": "2009-07-11T14:56:00",
"db": "BID",
"id": "5198"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-088"
},
{
"date": "2024-11-20T23:39:37.853000",
"db": "NVD",
"id": "CVE-2002-0681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GoAhead WebServer Error page bypassing site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-088"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…