Vulnerabilities > CVE-2002-0680 - Directory Traversal vulnerability in GoAhead WebServer

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

goahead-software

orange-software

montavista-software

exploit available

NVD

Published: 2002-07-23

Updated: 2017-12-20

Summary

Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.

Vulnerable Configurations

Part	Description	Count
Application	Goahead_Software Goahead Software Goahead Webserver 2.1.1 Goahead Software Goahead Webserver 2.1.2 Goahead Software Goahead Webserver 2.1.3 Goahead Software Goahead Webserver 2.1.4 Goahead Software Goahead Webserver 2.1.5	5
Application	Orange_Software Orange Software Orange WEB Server 2.1	1
OS	Montavista_Software Montavista Software Hard HAT Linux 1.0	1

Exploit-Db

description	GoAhead WebServer 2.1.x URL Encoded Slash Directory Traversal Vulnerability. CVE-2002-0680. Remote exploit for windows platform
id	EDB-ID:21607
last seen	2016-02-02
modified	2002-07-10
published	2002-07-10
reporter	Matt Moore
source	https://www.exploit-db.com/download/21607/
title	GoAhead WebServer 2.1.x URL Encoded Slash Directory Traversal Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References