Overview
An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.
Description
The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org]. |
Impact
A remote attacker can gain access to sensitive information. |
Solution
Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to Steve Knight for reporting this vulnerability.
This document was written by Ian A Finlay.
Other Information
CVE IDs: | CVE-2002-1603 |
Severity Metric: | 1.91 |
Date Public: | 2002-12-17 |
Date First Published: | 2002-12-17 |
Date Last Updated: | 2010-01-11 05:42 UTC |
Document Revision: | 11 |