CERT Coordination Center

GoAhead Web Server discloses source code of ASP files via crafted URL

Vulnerability Note VU#975041

Original Release Date: 2002-12-17 | Last Revised: 2010-01-11

Overview

An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.

Description

The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org].

Impact

A remote attacker can gain access to sensitive information.

Solution

Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed.

Vendor Information

GoAhead Software Unknown

Updated:  December 17, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


Acknowledgements

Thanks to Steve Knight for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1603
Severity Metric: 1.91
Date Public: 2002-12-17
Date First Published: 2002-12-17
Date Last Updated: 2010-01-11 05:42 UTC
Document Revision: 11

Sponsored by CISA.