CVE-2002-1603 Information
Description
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a / \ 2f (encoded /) 20 (encoded space) or 00 (encoded null) character which returns the ASP source code unparsed.
Reference
http://aluigi.altervista.org/adv/goahead-adv3.txt http://data.goahead.com/Software/Webserver/2.1.8/release.htmbug-with-urls-like-asp http://data.goahead.com/Software/Webserver/2.1.8/release.htmbug-with-urls-like-asp http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729 http://secunia.com/advisories/7741 http://securitytracker.com/id?1005820 http://www.kb.cert.org/vuls/id/124059 http://www.kb.cert.org/vuls/id/975041 http://www.kb.cert.org/vuls/id/RGII-7MWKZ3 http://www.osvdb.org/13295 http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf http://www.procheckup.com/security_info/vuln_pr0213.html http://www.securityfocus.com/bid/9239 https://exchange.xforce.ibmcloud.com/vulnerabilities/10885
Share on: