Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0680

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0680
Last Modified 10 Sep 2008 03:12:42
Published 23 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0680

Summary

Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.

Vulnerable Systems

Operating System

  • Montavista Software Hard Hat Linux 1.0

Application

  • Goahead Software Goahead Webserver 2.1.1

  • Goahead Software Goahead Webserver 2.1.2

  • Goahead Software Goahead Webserver 2.1.3

  • Goahead Software Goahead Webserver 2.1.4

  • Goahead Software Goahead Webserver 2.1.5

  • Orange Software Orange Web Server 2.1


References

VULNWATCH - 20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting

BUGTRAQ - 20020719 Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting

BUGTRAQ - 20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting


Last Updated: 27 May 2016 10:37:02