CVE-2002-2427

Goahead Webserver < 2.1 - Authentication Bypass

Title source: rule

Description

The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.

References (2)

[Vendor Advisory] http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518

[US Government Resource] http://www.kb.cert.org/vuls/id/124059

Scores

EPSS 0.0030

EPSS Percentile 53.4%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

goahead/goahead_webserver < 2.1

goahead/goahead_webserver

Timeline

Published Feb 06, 2009

Tracked Since Feb 18, 2026