CVE-2002-0680

GoAhead Web Server 2.1 - Directory Traversal via Encoded Dot-Dot Sequence

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0680. PoCs published by Matt Moore.

AI-analyzed exploit summary The writeup describes a directory traversal vulnerability in GoAhead WebServer 2.1 and Orange Web Server 2.1, where URL-encoded substitutions for '/' or '..\' sequences can bypass restrictions to access arbitrary files. No functional exploit code is provided.

Description

Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Matt Moore · textremotewindows

https://www.exploit-db.com/exploits/21607

View Code ZIP pw:eip

The writeup describes a directory traversal vulnerability in GoAhead WebServer 2.1 and Orange Web Server 2.1, where URL-encoded substitutions for '/' or '..\' sequences can bypass restrictions to access arbitrary files. No functional exploit code is provided.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: GoAhead WebServer 2.1, Orange Web Server 2.1

No auth needed

Prerequisites: Network access to the vulnerable web server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/81099

Vendor Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=102709382714597&w=2

Release Notes x_refsource_confirm

http://freecode.com/projects/embedthis-goahead-webserver/releases/343539

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=102631742711795&w=2

Scores

EPSS 0.0349

EPSS Percentile 87.6%

Details

Status published

Products (7)

goahead_software/goahead_webserver 2.1.1

goahead_software/goahead_webserver 2.1.2

goahead_software/goahead_webserver 2.1.3

goahead_software/goahead_webserver 2.1.4

goahead_software/goahead_webserver 2.1.5

montavista_software/hard_hat_linux 1.0

orange_software/orange_web_server 2.1

Published Jul 23, 2002

Tracked Since Feb 18, 2026