All the vulnerabilites related to goahead - goahead_webserver
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:43
Severity ?
Summary
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * | |
| goahead | goahead_webserver | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7D18D0-A8D4-4C2F-8B46-9952BCD8D1E2",
"versionEndIncluding": "2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via \"an extra slash in a URL,\" a different vulnerability than CVE-2002-1603."
},
{
"lang": "es",
"value": "The security handler en GoAhead WebServer anterior a v2.1.1 permite a atacantes remotos evitar la autenticaci\u00f3n y obtener aaceso a contenido web protegido a trav\u00e9s de \"un caracter extra en una URL\", una vulnerabilidad diferente a CVE-2002-1603."
}
],
"id": "CVE-2002-2427",
"lastModified": "2024-11-20T23:43:39.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/124059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/124059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:43
Severity ?
Summary
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * | |
| goahead | goahead_webserver | 2.0 | |
| goahead | goahead_webserver | 2.1 | |
| goahead | goahead_webserver | 2.1.1 | |
| goahead | goahead_webserver | 2.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F9AC93-B27F-4153-AD04-E54F06AF5334",
"versionEndIncluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "588A7477-B234-43C9-80AD-4AADC76F982C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC0AB3F-B4A7-4D6B-B4CF-4024EAA59DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E68CF71-3251-406E-BC0D-079510EDDFFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header."
},
{
"lang": "es",
"value": "webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n HTTP POST que contiene un entero negativo en la cabecera Content-Length."
}
],
"id": "CVE-2002-2429",
"lastModified": "2024-11-20T23:43:40.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:43
Severity ?
Summary
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * | |
| goahead | goahead_webserver | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7D18D0-A8D4-4C2F-8B46-9952BCD8D1E2",
"versionEndIncluding": "2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server."
},
{
"lang": "es",
"value": "GoAhead WebServer anterior a v2.1.1 permite a actacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU)implicando una desconexi\u00f3n de socket que finalizar\u00e1 una petici\u00f3n antes de que \u00e9sta haya sido totalmente procesada por el servidor."
}
],
"id": "CVE-2002-2430",
"lastModified": "2024-11-20T23:43:40.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:43
Severity ?
Summary
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * | |
| goahead | goahead_webserver | 2.0 | |
| goahead | goahead_webserver | 2.1 | |
| goahead | goahead_webserver | 2.1.1 | |
| goahead | goahead_webserver | 2.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F9AC93-B27F-4153-AD04-E54F06AF5334",
"versionEndIncluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "588A7477-B234-43C9-80AD-4AADC76F982C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC0AB3F-B4A7-4D6B-B4CF-4024EAA59DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E68CF71-3251-406E-BC0D-079510EDDFFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data."
},
{
"lang": "es",
"value": "webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n HTTP POST que contiene una cabecera Content-Length pero no datos del cuerpo."
}
],
"id": "CVE-2002-2428",
"lastModified": "2024-11-20T23:43:39.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-11-03 10:55
Modified
2024-11-21 01:32
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | 2.1.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C9EF0-78B3-4D87-AA07-0E69845D9A2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en GoAhead Webserver v2.18 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el grupo de par\u00e1metros para goform/AddGroup, en relaci\u00f3n con addgroup.asp, (2) el par\u00e1metro url para goform/AddAccessLimit, en relaci\u00f3n con addlimit.asp, o el (3) de usuario (User ID aka) o (4) el grupo de par\u00e1metros para goform/AddUser, en relaci\u00f3n con adduser.asp."
}
],
"id": "CVE-2011-4273",
"lastModified": "2024-11-21T01:32:07.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-03T10:55:08.937",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/46894"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/384427"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/384427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70434"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:47
Severity ?
Summary
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * | |
| goahead | goahead_webserver | 2.0 | |
| goahead | goahead_webserver | 2.1 | |
| goahead | goahead_webserver | 2.1.1 | |
| goahead | goahead_webserver | 2.1.2 | |
| goahead | goahead_webserver | 2.1.3 | |
| microsoft | windows_95 | * | |
| microsoft | windows_98 | * | |
| microsoft | windows_me | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C13905-73EB-4DA1-AE70-258D9B8876AF",
"versionEndIncluding": "2.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "588A7477-B234-43C9-80AD-4AADC76F982C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC0AB3F-B4A7-4D6B-B4CF-4024EAA59DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E68CF71-3251-406E-BC0D-079510EDDFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCE3FBE-F422-42B7-9FBA-A82E208306FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B68C0-2676-4F21-8EF0-1749103CB8C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385."
},
{
"lang": "es",
"value": "GoAhead WebServer anterior a v2.1.5 en Windows 95, 98, and ME permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n HTTP con un nombre de dispositivo en un componente de ruta\r\n1) con, (2) nul, (3) clock$, o (4) config$, vector diferente que CVE-2001-0385."
}
],
"id": "CVE-2003-1569",
"lastModified": "2024-11-20T23:47:27.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-27 18:55
Modified
2024-11-21 01:11
Severity ?
Summary
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC42FDC4-B564-436B-AA16-34582176F85C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris."
},
{
"lang": "es",
"value": "GoAhead WebServer permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n HTTP parcial, tal como se ha demostrado por Slowloris."
}
],
"id": "CVE-2009-5111",
"lastModified": "2024-11-21T01:11:11.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-27T18:55:01.047",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ha.ckers.org/slowloris/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ha.ckers.org/slowloris/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:47
Severity ?
Summary
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | 2.0 | |
| goahead | goahead_webserver | 2.1 | |
| goahead | goahead_webserver | 2.1.1 | |
| goahead | goahead_webserver | 2.1.2 | |
| goahead_software | goahead_webserver | * | |
| goahead_software | goahead_webserver | 2.1.3 | |
| goahead_software | goahead_webserver | 2.1.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "588A7477-B234-43C9-80AD-4AADC76F982C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC0AB3F-B4A7-4D6B-B4CF-4024EAA59DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E68CF71-3251-406E-BC0D-079510EDDFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "147A9799-1175-44BB-924E-0A3A966371BB",
"versionEndIncluding": "2.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B147EAF-E6A0-4D0C-8C27-BA27F844A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B729D721-2FD3-4522-8CB3-526B7454D124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function."
},
{
"lang": "es",
"value": "GoAhead WebServer anterior a v2.1.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero nulo o ca\u00edda de demonio) a trav\u00e9s de una URL invalida, relacionada con la funci\u00f3n websSafeUrl."
}
],
"id": "CVE-2003-1568",
"lastModified": "2024-11-20T23:47:27.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-06 19:30
Modified
2024-11-20 23:43
Severity ?
Summary
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| goahead | goahead_webserver | * | |
| goahead | goahead_webserver | 2.0 | |
| goahead | goahead_webserver | 2.1 | |
| goahead | goahead_webserver | 2.1.1 | |
| goahead | goahead_webserver | 2.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F9AC93-B27F-4153-AD04-E54F06AF5334",
"versionEndIncluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "588A7477-B234-43C9-80AD-4AADC76F982C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC0AB3F-B4A7-4D6B-B4CF-4024EAA59DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E68CF71-3251-406E-BC0D-079510EDDFFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause \"incorrect behavior\" via unknown \"malicious code,\" related to incorrect use of the socketInputBuffered function by sockGen.c."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar \"funcionamiento incorrecto\" a trav\u00e9s de \"c\u00f3digo malicioso\" desconocido, relacionado con el uso incorrecto de la funci\u00f3n \"socketInputBuffered\" en sockGen.c."
}
],
"id": "CVE-2002-2431",
"lastModified": "2024-11-20T23:43:40.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-06T19:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2002-2430
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2430",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:35:37.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2428
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-17 03:52
Severity ?
EPSS score ?
Summary
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2428",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-17T03:52:39.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1568
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:16.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1568",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:50.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2427
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
References
| ▼ | URL | Tags |
|---|---|---|
| http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518 | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/124059 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518"
},
{
"name": "VU#124059",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/124059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via \"an extra slash in a URL,\" a different vulnerability than CVE-2002-1603."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518"
},
{
"name": "VU#124059",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/124059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via \"an extra slash in a URL,\" a different vulnerability than CVE-2002-1603."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518"
},
{
"name": "VU#124059",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/124059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2427",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-17T03:43:27.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2431
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause \"incorrect behavior\" via unknown \"malicious code,\" related to incorrect use of the socketInputBuffered function by sockGen.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause \"incorrect behavior\" via unknown \"malicious code,\" related to incorrect use of the socketInputBuffered function by sockGen.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2431",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-17T02:42:04.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2429
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-16 17:19
Severity ?
EPSS score ?
Summary
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:54.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2429",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-16T17:19:07.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5111
Vulnerability from cvelistv5
Published
2011-12-27 18:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ha.ckers.org/slowloris/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/slowloris/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-27T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/slowloris/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ha.ckers.org/slowloris/",
"refsource": "MISC",
"url": "http://ha.ckers.org/slowloris/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5111",
"datePublished": "2011-12-27T18:00:00Z",
"dateReserved": "2011-12-27T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:21.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1569
Vulnerability from cvelistv5
Published
2009-02-06 19:00
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
References
| ▼ | URL | Tags |
|---|---|---|
| http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service",
"refsource": "CONFIRM",
"url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1569",
"datePublished": "2009-02-06T19:00:00Z",
"dateReserved": "2009-02-06T00:00:00Z",
"dateUpdated": "2024-09-16T17:14:44.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4273
Vulnerability from cvelistv5
Published
2011-11-03 10:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/384427 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70434 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/46894 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#384427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/384427"
},
{
"name": "goahead-multiple-xss(70434)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70434"
},
{
"name": "46894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#384427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/384427"
},
{
"name": "goahead-multiple-xss(70434)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70434"
},
{
"name": "46894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#384427",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/384427"
},
{
"name": "goahead-multiple-xss(70434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70434"
},
{
"name": "46894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4273",
"datePublished": "2011-11-03T10:00:00",
"dateReserved": "2011-11-02T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}