Overview
An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.
Description
The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org]. |
Impact
A remote attacker can gain access to sensitive information. |
Solution
Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed. |
Vendor Information
975041
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Steve Knight for reporting this vulnerability.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | CVE-2002-1603 |
| Severity Metric: | 1.91 |
| Date Public: | 2002-12-17 |
| Date First Published: | 2002-12-17 |
| Date Last Updated: | 2010-01-11 05:42 UTC |
| Document Revision: | 11 |