Description
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matt Moore · textremotewindows
https://www.exploit-db.com/exploits/21607
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81099
Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102709382714597&w=2
Release Notes x_refsource_confirm
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102631742711795&w=2
Scores
EPSS
0.0524
EPSS Percentile
90.0%
Details
Status
published
Products (7)
goahead_software/goahead_webserver
2.1.1
goahead_software/goahead_webserver
2.1.2
goahead_software/goahead_webserver
2.1.3
goahead_software/goahead_webserver
2.1.4
goahead_software/goahead_webserver
2.1.5
montavista_software/hard_hat_linux
1.0
orange_software/orange_web_server
2.1
Published
Jul 23, 2002
Tracked Since
Feb 18, 2026