cvelistv5 - cve-2002-1603

CVE-2002-1603 (GCVE-0-2002-1603)

Vulnerability from cvelistv5 – Published: 2005-03-25 05:00 – Updated: 2024-08-08 03:34

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.kb.cert.org/vuls/id/975041	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/7741	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/124059	third-party-advisoryx_refsource_CERT-VN
	http://rockwellautomation.custhelp.com/cgi-bin/ro…	x_refsource_CONFIRM
	http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2…	x_refsource_MISC
	http://data.goahead.com/Software/Webserver/2.1.8/…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/RGII-7MWKZ3	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/9239	vdb-entryx_refsource_BID
	http://aluigi.altervista.org/adv/goahead-adv3.txt	x_refsource_MISC
	http://securitytracker.com/id?1005820	vdb-entryx_refsource_SECTRACK
	http://www.osvdb.org/13295	vdb-entryx_refsource_OSVDB
	http://www.procheckup.com/security_info/vuln_pr02…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:34:54.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "goahead-script-source-disclosure(10885)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
          },
          {
            "name": "VU#975041",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/975041"
          },
          {
            "name": "7741",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/7741"
          },
          {
            "name": "VU#124059",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/124059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
          },
          {
            "name": "9239",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9239"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
          },
          {
            "name": "1005820",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1005820"
          },
          {
            "name": "13295",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/13295"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "goahead-script-source-disclosure(10885)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
        },
        {
          "name": "VU#975041",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/975041"
        },
        {
          "name": "7741",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/7741"
        },
        {
          "name": "VU#124059",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/124059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
        },
        {
          "name": "9239",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9239"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
        },
        {
          "name": "1005820",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1005820"
        },
        {
          "name": "13295",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/13295"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "goahead-script-source-disclosure(10885)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
            },
            {
              "name": "VU#975041",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/975041"
            },
            {
              "name": "7741",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/7741"
            },
            {
              "name": "VU#124059",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/124059"
            },
            {
              "name": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729",
              "refsource": "CONFIRM",
              "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
            },
            {
              "name": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf",
              "refsource": "MISC",
              "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
            },
            {
              "name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp",
              "refsource": "CONFIRM",
              "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
            },
            {
              "name": "9239",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9239"
            },
            {
              "name": "http://aluigi.altervista.org/adv/goahead-adv3.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
            },
            {
              "name": "1005820",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1005820"
            },
            {
              "name": "13295",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/13295"
            },
            {
              "name": "http://www.procheckup.com/security_info/vuln_pr0213.html",
              "refsource": "MISC",
              "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1603",
    "datePublished": "2005-03-25T05:00:00",
    "dateReserved": "2005-03-25T00:00:00",
    "dateUpdated": "2024-08-08T03:34:54.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49A1B406-C1F8-468B-B1A9-F016EBCC4AFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08178800-0020-4052-AFA8-BC21B10AF491\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21EFC04A-DC4A-4491-BAFC-996F8C127438\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40304420-26E0-4F6D-B368-7BBC068CCCCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B147EAF-E6A0-4D0C-8C27-BA27F844A816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B729D721-2FD3-4522-8CB3-526B7454D124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56B99EBA-8968-4948-9650-36CC2B95AD01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2929801F-548E-490A-9A98-F5DE17A1BD52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD03EDC6-0841-41E6-BD54-17578239DB48\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\\\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.\"}]",
      "id": "CVE-2002-1603",
      "lastModified": "2024-11-20T23:41:41.983",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2002-02-13T05:00:00.000",
      "references": "[{\"url\": \"http://aluigi.altervista.org/adv/goahead-adv3.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/7741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1005820\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/124059\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/975041\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/RGII-7MWKZ3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/13295\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.procheckup.com/security_info/vuln_pr0213.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/9239\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/10885\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aluigi.altervista.org/adv/goahead-adv3.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/7741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1005820\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/124059\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/975041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/RGII-7MWKZ3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/13295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.procheckup.com/security_info/vuln_pr0213.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/9239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/10885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-1603\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-02-13T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\\\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A1B406-C1F8-468B-B1A9-F016EBCC4AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08178800-0020-4052-AFA8-BC21B10AF491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EFC04A-DC4A-4491-BAFC-996F8C127438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40304420-26E0-4F6D-B368-7BBC068CCCCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B147EAF-E6A0-4D0C-8C27-BA27F844A816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B729D721-2FD3-4522-8CB3-526B7454D124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56B99EBA-8968-4948-9650-36CC2B95AD01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2929801F-548E-490A-9A98-F5DE17A1BD52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD03EDC6-0841-41E6-BD54-17578239DB48\"}]}]}],\"references\":[{\"url\":\"http://aluigi.altervista.org/adv/goahead-adv3.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/7741\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1005820\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/124059\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/975041\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/RGII-7MWKZ3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/13295\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.procheckup.com/security_info/vuln_pr0213.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/9239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/10885\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aluigi.altervista.org/adv/goahead-adv3.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/7741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1005820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/124059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/975041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/RGII-7MWKZ3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/13295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.procheckup.com/security_info/vuln_pr0213.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/9239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/10885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2002-1603

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2002-1603

Aliases

CVE-2002-1603

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-1603",
    "description": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.",
    "id": "GSD-2002-1603"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-1603"
      ],
      "details": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.",
      "id": "GSD-2002-1603",
      "modified": "2023-12-13T01:24:09.997738Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-1603",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "goahead-script-source-disclosure(10885)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
          },
          {
            "name": "VU#975041",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/975041"
          },
          {
            "name": "7741",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/7741"
          },
          {
            "name": "VU#124059",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/124059"
          },
          {
            "name": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729",
            "refsource": "CONFIRM",
            "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
          },
          {
            "name": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf",
            "refsource": "MISC",
            "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
          },
          {
            "name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp",
            "refsource": "CONFIRM",
            "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
          },
          {
            "name": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3",
            "refsource": "CONFIRM",
            "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
          },
          {
            "name": "9239",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/9239"
          },
          {
            "name": "http://aluigi.altervista.org/adv/goahead-adv3.txt",
            "refsource": "MISC",
            "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
          },
          {
            "name": "1005820",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1005820"
          },
          {
            "name": "13295",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/13295"
          },
          {
            "name": "http://www.procheckup.com/security_info/vuln_pr0213.html",
            "refsource": "MISC",
            "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1603"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.procheckup.com/security_info/vuln_pr0213.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
            },
            {
              "name": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
            },
            {
              "name": "http://aluigi.altervista.org/adv/goahead-adv3.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
            },
            {
              "name": "VU#975041",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/975041"
            },
            {
              "name": "1005820",
              "refsource": "SECTRACK",
              "tags": [
                "Exploit"
              ],
              "url": "http://securitytracker.com/id?1005820"
            },
            {
              "name": "9239",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/9239"
            },
            {
              "name": "13295",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/13295"
            },
            {
              "name": "7741",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/7741"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
            },
            {
              "name": "VU#124059",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/124059"
            },
            {
              "name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
            },
            {
              "name": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
            },
            {
              "name": "goahead-script-source-disclosure(10885)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:29Z",
      "publishedDate": "2002-02-13T05:00Z"
    }
  }
}

FKIE_CVE-2002-1603

Vulnerability from fkie_nvd - Published: 2002-02-13 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://aluigi.altervista.org/adv/goahead-adv3.txt	Exploit, Vendor Advisory
cve@mitre.org	http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
cve@mitre.org	http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
cve@mitre.org	http://secunia.com/advisories/7741
cve@mitre.org	http://securitytracker.com/id?1005820	Exploit
cve@mitre.org	http://www.kb.cert.org/vuls/id/124059	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/975041	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
cve@mitre.org	http://www.osvdb.org/13295
cve@mitre.org	http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
cve@mitre.org	http://www.procheckup.com/security_info/vuln_pr0213.html
cve@mitre.org	http://www.securityfocus.com/bid/9239	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/10885
af854a3a-2127-422b-91ae-364da2661108	http://aluigi.altervista.org/adv/goahead-adv3.txt	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
af854a3a-2127-422b-91ae-364da2661108	http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/7741
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1005820	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/124059	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/975041	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/13295
af854a3a-2127-422b-91ae-364da2661108	http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.procheckup.com/security_info/vuln_pr0213.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/9239	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/10885

Impacted products

Vendor	Product	Version
goahead_software	goahead_webserver	2.0
goahead_software	goahead_webserver	2.1
goahead_software	goahead_webserver	2.1.1
goahead_software	goahead_webserver	2.1.2
goahead_software	goahead_webserver	2.1.3
goahead_software	goahead_webserver	2.1.4
goahead_software	goahead_webserver	2.1.5
goahead_software	goahead_webserver	2.1.6
goahead_software	goahead_webserver	2.1.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A1B406-C1F8-468B-B1A9-F016EBCC4AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08178800-0020-4052-AFA8-BC21B10AF491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EFC04A-DC4A-4491-BAFC-996F8C127438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40304420-26E0-4F6D-B368-7BBC068CCCCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B147EAF-E6A0-4D0C-8C27-BA27F844A816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B729D721-2FD3-4522-8CB3-526B7454D124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B99EBA-8968-4948-9650-36CC2B95AD01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2929801F-548E-490A-9A98-F5DE17A1BD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD03EDC6-0841-41E6-BD54-17578239DB48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."
    }
  ],
  "id": "CVE-2002-1603",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-02-13T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/7741"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1005820"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/124059"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/975041"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/13295"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/9239"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/7741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1005820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/124059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/975041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/13295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/9239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XC79-9VGP-Q8CM

Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2022-04-30 18:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-1603"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-02-13T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.",
  "id": "GHSA-xc79-9vgp-q8cm",
  "modified": "2022-04-30T18:21:30Z",
  "published": "2022-04-30T18:21:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1603"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
    },
    {
      "type": "WEB",
      "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
    },
    {
      "type": "WEB",
      "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"
    },
    {
      "type": "WEB",
      "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/7741"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1005820"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/124059"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/975041"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/13295"
    },
    {
      "type": "WEB",
      "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/9239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200202-0014

Vulnerability from variot - Updated: 2023-12-18 12:31

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. This issue is also referenced in VU#124059. GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041. A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. Attackers can use this information to further attack the system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200202-0014",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.0"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.2"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.7"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.3"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.4"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.6"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.1"
      },
      {
        "model": "webserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "goahead",
        "version": "2.1.5"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "goahead",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation controllogix 1756-enbt/a ethernet/ip bridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "0"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.7"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.6"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.5"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.4"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.3"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.2"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.1"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1"
      },
      {
        "model": "software goahead webserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.0"
      },
      {
        "model": "software goahead webserver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "goahead",
        "version": "2.1.8"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "db": "BID",
        "id": "9239"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma\u203b aluigi@pivx.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-1603",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-5988",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-1603",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#975041",
            "trust": 0.8,
            "value": "1.91"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#124059",
            "trust": 0.8,
            "value": "0.06"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200202-008",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5988",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. This issue is also referenced in VU#124059. GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041. A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. \nAn attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. Attackers can use this information to further attack the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "db": "BID",
        "id": "9239"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-5988",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#975041",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#124059",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "9239",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1603",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "7741",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "13295",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1005820",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "12815",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "10885",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "23446",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-77211",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-5988",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      },
      {
        "db": "BID",
        "id": "9239"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "id": "VAR-200202-0014",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:31:47.769000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://data.goahead.com/software/webserver/2.1.8/release.htm#bug-with-urls-like-asp"
      },
      {
        "trust": 3.3,
        "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/975041"
      },
      {
        "trust": 2.0,
        "url": "http://www.kb.cert.org/vuls/id/124059"
      },
      {
        "trust": 2.0,
        "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"
      },
      {
        "trust": 1.9,
        "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/9239"
      },
      {
        "trust": 1.7,
        "url": "http://www.kb.cert.org/vuls/id/rgii-7mwkz3"
      },
      {
        "trust": 1.7,
        "url": "http://www.procheckup.com/pdfs/procheckup_vulns_2002.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/13295"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1005820"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/7741"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"
      },
      {
        "trust": 0.8,
        "url": "http://web.archive.org/web/20030110134751/http://www.procheckup.com/security_info/vuln_pr0213.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ab.com/networks/architectures.html"
      },
      {
        "trust": 0.8,
        "url": "http://data.goahead.com/software/webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518"
      },
      {
        "trust": 0.8,
        "url": "http://www.nerc.com/fileuploads/file/events%20analysis/a-2009-02-13-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/57729"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=goahead+web+server"
      },
      {
        "trust": 0.8,
        "url": "http://www.exploit-db.com/exploits/12815/"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/10885"
      },
      {
        "trust": 0.3,
        "url": "http://www.goahead.com/webserver/webserver.htm"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/347805"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      },
      {
        "db": "BID",
        "id": "9239"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5988"
      },
      {
        "db": "BID",
        "id": "9239"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-12-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "date": "2009-02-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "date": "2002-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5988"
      },
      {
        "date": "2003-12-17T00:00:00",
        "db": "BID",
        "id": "9239"
      },
      {
        "date": "2002-02-13T05:00:00",
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "date": "2002-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#975041"
      },
      {
        "date": "2010-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#124059"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5988"
      },
      {
        "date": "2009-02-19T21:47:00",
        "db": "BID",
        "id": "9239"
      },
      {
        "date": "2017-07-11T01:29:16.180000",
        "db": "NVD",
        "id": "CVE-2002-1603"
      },
      {
        "date": "2009-02-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GoAhead Web Server discloses source code of ASP files via crafted URL",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#975041"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200202-008"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2002-1603 (GCVE-0-2002-1603)

GSD-2002-1603

FKIE_CVE-2002-1603

GHSA-XC79-9VGP-Q8CM

VAR-200202-0014

Tags

Sightings

Nomenclature