CVE-2002-1603

GoAhead Web Server <2.1.7 - Info Disclosure

Title source: llm
STIX 2.1

Description

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textremotewindows
https://www.exploit-db.com/exploits/23446

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10885
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/975041
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7741
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/124059
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9239
Exploit, Vendor Advisory x_refsource_misc
http://aluigi.altervista.org/adv/goahead-adv3.txt
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1005820
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/13295

Scores

EPSS 0.3575
EPSS Percentile 97.1%

Details

Status published
Products (9)
goahead_software/goahead_webserver 2.0
goahead_software/goahead_webserver 2.1
goahead_software/goahead_webserver 2.1.1
goahead_software/goahead_webserver 2.1.2
goahead_software/goahead_webserver 2.1.3
goahead_software/goahead_webserver 2.1.4
goahead_software/goahead_webserver 2.1.5
goahead_software/goahead_webserver 2.1.6
goahead_software/goahead_webserver 2.1.7
Published Feb 13, 2002
Tracked Since Feb 18, 2026