var-200902-0685
Vulnerability from variot
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. It has to do with incorrect use of the socketInputBuffered function
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200902-0685", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "webserver", scope: "eq", trust: 1.6, vendor: "goahead", version: "2.1.1", }, { model: "webserver", scope: "eq", trust: 1.6, vendor: "goahead", version: "2.1", }, { model: "webserver", scope: "eq", trust: 1.6, vendor: "goahead", version: "2.1.2", }, { model: "webserver", scope: "eq", trust: 1.6, vendor: "goahead", version: "2.0", }, { model: "webserver", scope: "lte", trust: 1, vendor: "goahead", version: "2.1.3", }, { model: "software goahead webserver", scope: "eq", trust: 0.6, vendor: "goahead", version: "2.1", }, { model: "webserver", scope: "eq", trust: 0.6, vendor: "goahead", version: "2.1.3", }, { model: "software goahead webserver", scope: "eq", trust: 0.3, vendor: "goahead", version: "2.1.5", }, { model: "software goahead webserver", scope: "eq", trust: 0.3, vendor: "goahead", version: "2.1.4", }, { model: "software goahead webserver", scope: "eq", trust: 0.3, vendor: "goahead", version: "2.1.3", }, { model: "software goahead webserver", scope: "eq", trust: 0.3, vendor: "goahead", version: "2.1.2", }, { model: "software goahead webserver", scope: "eq", trust: 0.3, vendor: "goahead", version: "2.1.1", }, { model: "software goahead webserver", scope: "eq", trust: 0.3, vendor: "goahead", version: "2.0", }, { model: "software goahead webserver", scope: "ne", trust: 0.3, vendor: "goahead", version: "2.1.6", }, ], sources: [ { db: "BID", id: "33838", }, { db: "NVD", id: "CVE-2002-2431", }, { db: "CNNVD", id: "CNNVD-200902-116", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.1.3", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2002-2431", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Richard Cullen, Luigi Auriemma, and the vendor.", sources: [ { db: "BID", id: "33838", }, { db: "CNNVD", id: "CNNVD-200902-116", }, ], trust: 0.9, }, cve: "CVE-2002-2431", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-6814", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2002-2431", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-200902-116", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-6814", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-6814", }, { db: "NVD", id: "CVE-2002-2431", }, { db: "CNNVD", id: "CNNVD-200902-116", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause \"incorrect behavior\" via unknown \"malicious code,\" related to incorrect use of the socketInputBuffered function by sockGen.c. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. \nA remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. \nVersions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. It has to do with incorrect use of the socketInputBuffered function", sources: [ { db: "NVD", id: "CVE-2002-2431", }, { db: "BID", id: "33838", }, { db: "VULHUB", id: "VHN-6814", }, ], trust: 1.26, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2002-2431", trust: 2, }, { db: "CNNVD", id: "CNNVD-200902-116", trust: 0.7, }, { db: "BID", id: "33838", trust: 0.3, }, { db: "VULHUB", id: "VHN-6814", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-6814", }, { db: "BID", id: "33838", }, { db: "NVD", id: "CVE-2002-2431", }, { db: "CNNVD", id: "CNNVD-200902-116", }, ], }, id: "VAR-200902-0685", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-6814", }, ], trust: 0.01, }, last_update_date: "2023-12-18T12:31:47.669000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2002-2431", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://data.goahead.com/software/webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c", }, { trust: 0.3, url: "http://data.goahead.com/software/webserver/2.1.6/release.htm", }, { trust: 0.3, url: "http://www.goahead.com/", }, ], sources: [ { db: "VULHUB", id: "VHN-6814", }, { db: "BID", id: "33838", }, { db: "NVD", id: "CVE-2002-2431", }, { db: "CNNVD", id: "CNNVD-200902-116", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-6814", }, { db: "BID", id: "33838", }, { db: "NVD", id: "CVE-2002-2431", }, { db: "CNNVD", id: "CNNVD-200902-116", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2009-02-06T00:00:00", db: "VULHUB", id: "VHN-6814", }, { date: "2002-10-17T00:00:00", db: "BID", id: "33838", }, { date: "2009-02-06T19:30:00.377000", db: "NVD", id: "CVE-2002-2431", }, { date: "2009-02-06T00:00:00", db: "CNNVD", id: "CNNVD-200902-116", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2009-02-09T00:00:00", db: "VULHUB", id: "VHN-6814", }, { date: "2009-02-19T22:10:00", db: "BID", id: "33838", }, { date: "2009-02-09T05:00:00", db: "NVD", id: "CVE-2002-2431", }, { date: "2009-02-09T00:00:00", db: "CNNVD", id: "CNNVD-200902-116", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-200902-116", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "GoAhead WebServer 'socketInputBuffered function ' Unknown vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-200902-116", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "design error", sources: [ { db: "CNNVD", id: "CNNVD-200902-116", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.