CVE-2002-1603

GoAhead Web Server <2.1.7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1603. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit describes a path traversal vulnerability in GoAhead webserver that allows source code disclosure of ASP files by appending specific characters to HTTP requests. No actual exploit code is provided, only examples of malicious URLs.

Description

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/23446

View Code ZIP pw:eip

The exploit describes a path traversal vulnerability in GoAhead webserver that allows source code disclosure of ASP files by appending specific characters to HTTP requests. No actual exploit code is provided, only examples of malicious URLs.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: GoAhead Webserver 2.1.7 and earlier

No auth needed

Prerequisites: Access to the target webserver

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/10885

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/975041

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/7741

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/124059

Various Sources x_refsource_confirm

http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

Various Sources x_refsource_misc

http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf

Various Sources x_refsource_confirm

http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp

Third Party Advisory, US Government Resource x_refsource_confirm

http://www.kb.cert.org/vuls/id/RGII-7MWKZ3

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9239

Exploit, Vendor Advisory x_refsource_misc

http://aluigi.altervista.org/adv/goahead-adv3.txt

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1005820

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/13295

Various Sources x_refsource_misc

http://www.procheckup.com/security_info/vuln_pr0213.html

Scores

EPSS 0.1367

EPSS Percentile 96.0%

Details

Status published

Products (9)

goahead_software/goahead_webserver 2.0

goahead_software/goahead_webserver 2.1

goahead_software/goahead_webserver 2.1.1

goahead_software/goahead_webserver 2.1.2

goahead_software/goahead_webserver 2.1.3

goahead_software/goahead_webserver 2.1.4

goahead_software/goahead_webserver 2.1.5

goahead_software/goahead_webserver 2.1.6

goahead_software/goahead_webserver 2.1.7

Published Feb 13, 2002

Tracked Since Feb 18, 2026