MidnightBSD

Advisories for goahead_software

CVE-2001-0228 MEDIUM

Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
goahead_software goahead_webserver v.2.0
goahead_software goahead_webserver v.2.1
CVE-2001-0385 MEDIUM

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
goahead_software goahead_webserver 2.1
CVE-2002-0680 MEDIUM

Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
goahead_software goahead_webserver 2.1.4
goahead_software goahead_webserver 2.1.3
goahead_software goahead_webserver 2.1.2
orange_software orange_web_server 2.1
montavista_software hard_hat_linux 1.0
goahead_software goahead_webserver 2.1.1
goahead_software goahead_webserver 2.1.5
CVE-2002-0681 HIGH

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
goahead_software goahead_webserver 2.1.4
goahead_software goahead_webserver 2.1.3
goahead_software goahead_webserver 2.1.2
goahead_software goahead_webserver 2.1.1
goahead_software goahead_webserver 2.1.5
CVE-2002-1603 MEDIUM

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
goahead_software goahead_webserver 2.1.4
goahead_software goahead_webserver 2.1.7
goahead_software goahead_webserver 2.1.3
goahead_software goahead_webserver 2.1.2
goahead_software goahead_webserver 2.1.6
goahead_software goahead_webserver 2.1.1
goahead_software goahead_webserver 2.1
goahead_software goahead_webserver 2.0
goahead_software goahead_webserver 2.1.5
CVE-2002-1951 HIGH

Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
goahead_software goahead_webserver 2.1