Vulnerabilities > CVE-2002-1603 - Unspecified vulnerability in Goahead Software Goahead Webserver
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
Vulnerable Configurations
Exploit-Db
| description | GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability. CVE-2002-1603. Remote exploit for windows platform |
| id | EDB-ID:23446 |
| last seen | 2016-02-02 |
| modified | 2002-12-17 |
| published | 2002-12-17 |
| reporter | Luigi Auriemma |
| source | https://www.exploit-db.com/download/23446/ |
| title | GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability |
References
- http://aluigi.altervista.org/adv/goahead-adv3.txt
- http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
- http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
- http://secunia.com/advisories/7741
- http://securitytracker.com/id?1005820
- http://www.kb.cert.org/vuls/id/124059
- http://www.kb.cert.org/vuls/id/975041
- http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
- http://www.osvdb.org/13295
- http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
- http://www.procheckup.com/security_info/vuln_pr0213.html
- http://www.securityfocus.com/bid/9239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10885