GoAhead WebServer Script Source Code Disclosure Network Vulnerability

Summary

A vulnerable version of GoAhead Webserver is running on the remote host. Description : GoAhead Webserver is installed on the remote system. It's an open-source webserver, which is capable of hosting ASP pages, and installation on multiple operating systems. The version installed is vulnerable to Script Source Code Disclosure, by adding extra characters to the URL. Possible characters are %00, %5C, %2F.

Solution

Upgrade to GoAhead WebServer 2.1.8 or a newer release.

References

http://aluigi.altervista.org/adv/goahead-adv3.txt
http://www.kb.cert.org/vuls/id/975041

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-1603
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Authentication bypassing in Lotus Domino
Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
Apache UserDir Sensitive Information Disclosure
Apache Tomcat Request Object Security Bypass Vulnerability (Win)

Take action and discover your vulnerabilities