CVE

CVE-2002-1603

Date: (C)2002-02-13   (M)2023-12-22

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, , %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

SECTRACK-1005820

OSVDB-13295

SECUNIA-7741

BID-9239

VU#124059

VU#975041

goahead-script-source-disclosure(10885)

http://aluigi.altervista.org/adv/goahead-adv3.txt

http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp

http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

http://www.kb.cert.org/vuls/id/RGII-7MWKZ3

http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf