Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| orange_software | orange_web_server | 2.1 |
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| goahead_software | goahead_webserver | 2.1.4 |
| goahead_software | goahead_webserver | 2.1.5 |
| montavista_software | hard_hat_linux | 1.0 |
| goahead_software | goahead_webserver | 2.1.2 |
| goahead_software | goahead_webserver | 2.1.1 |
| orange_software | orange_web_server | 2.1 |
| goahead_software | goahead_webserver | 2.1.3 |