FKIE_CVE-2002-2431

Vulnerability from fkie_nvd - Published: 2009-02-06 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
References
cve@mitre.orghttp://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c
af854a3a-2127-422b-91ae-364da2661108http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c
Impacted products
Vendor Product Version
goahead goahead_webserver *
goahead goahead_webserver 2.0
goahead goahead_webserver 2.1
goahead goahead_webserver 2.1.1
goahead goahead_webserver 2.1.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04F9AC93-B27F-4153-AD04-E54F06AF5334",
              "versionEndIncluding": "2.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3111BC75-62C7-4710-99A6-258F6A07E8B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "588A7477-B234-43C9-80AD-4AADC76F982C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FC0AB3F-B4A7-4D6B-B4CF-4024EAA59DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E68CF71-3251-406E-BC0D-079510EDDFFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause \"incorrect behavior\" via unknown \"malicious code,\" related to incorrect use of the socketInputBuffered function by sockGen.c."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar \"funcionamiento incorrecto\" a trav\u00e9s de \"c\u00f3digo malicioso\" desconocido, relacionado con el uso incorrecto de la funci\u00f3n \"socketInputBuffered\" en sockGen.c."
    }
  ],
  "id": "CVE-2002-2431",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-06T19:30:00.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.