CVE-2002-1603 - Vulnerability Details - OpenCVE

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Goahead Software	Goahead Webserver

Configuration 1 [-]

OR	cpe:2.3:a:goahead_software:goahead_webserver:2.0:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:::::::*
	cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:::::::*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/goahead-adv3.txt
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
http://secunia.com/advisories/7741
http://securitytracker.com/id?1005820
http://www.kb.cert.org/vuls/id/124059
http://www.kb.cert.org/vuls/id/975041
http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
http://www.osvdb.org/13295
http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
http://www.procheckup.com/security_info/vuln_pr0213.html
http://www.securityfocus.com/bid/9239
https://exchange.xforce.ibmcloud.com/vulnerabilities/10885

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-25T05:00:00

Updated: 2024-08-08T03:34:54.981Z

Reserved: 2005-03-25T00:00:00

Link: CVE-2002-1603

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-02-13T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-1603

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "goahead-script-source-disclosure(10885)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"}, {"name": "VU#975041", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/975041"}, {"name": "7741", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/7741"}, {"name": "VU#124059", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/124059"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"}, {"tags": ["x_refsource_MISC"], "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"}, {"name": "9239", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9239"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"}, {"name": "1005820", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1005820"}, {"name": "13295", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/13295"}, {"tags": ["x_refsource_MISC"], "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "goahead-script-source-disclosure(10885)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"}, {"name": "VU#975041", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/975041"}, {"name": "7741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/7741"}, {"name": "VU#124059", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/124059"}, {"name": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729", "refsource": "CONFIRM", "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"}, {"name": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf", "refsource": "MISC", "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"}, {"name": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp", "refsource": "CONFIRM", "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"}, {"name": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"}, {"name": "9239", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9239"}, {"name": "http://aluigi.altervista.org/adv/goahead-adv3.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"}, {"name": "1005820", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1005820"}, {"name": "13295", "refsource": "OSVDB", "url": "http://www.osvdb.org/13295"}, {"name": "http://www.procheckup.com/security_info/vuln_pr0213.html", "refsource": "MISC", "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:34:54.981Z"}, "title": "CVE Program Container", "references": [{"name": "goahead-script-source-disclosure(10885)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"}, {"name": "VU#975041", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/975041"}, {"name": "7741", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/7741"}, {"name": "VU#124059", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/124059"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"}, {"name": "9239", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9239"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"}, {"name": "1005820", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1005820"}, {"name": "13295", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/13295"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1603", "datePublished": "2005-03-25T05:00:00", "dateReserved": "2005-03-25T00:00:00", "dateUpdated": "2024-08-08T03:34:54.981Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "49A1B406-C1F8-468B-B1A9-F016EBCC4AFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "08178800-0020-4052-AFA8-BC21B10AF491", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "21EFC04A-DC4A-4491-BAFC-996F8C127438", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "40304420-26E0-4F6D-B368-7BBC068CCCCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B147EAF-E6A0-4D0C-8C27-BA27F844A816", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "B729D721-2FD3-4522-8CB3-526B7454D124", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "56B99EBA-8968-4948-9650-36CC2B95AD01", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "2929801F-548E-490A-9A98-F5DE17A1BD52", "vulnerable": true}, {"criteria": "cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD03EDC6-0841-41E6-BD54-17578239DB48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \\, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed."}], "id": "CVE-2002-1603", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-02-13T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"}, {"source": "cve@mitre.org", "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"}, {"source": "cve@mitre.org", "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/7741"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1005820"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/124059"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/975041"}, {"source": "cve@mitre.org", "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/13295"}, {"source": "cve@mitre.org", "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"}, {"source": "cve@mitre.org", "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/9239"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/7741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1005820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/124059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/975041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kb.cert.org/vuls/id/RGII-7MWKZ3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/13295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.procheckup.com/security_info/vuln_pr0213.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/9239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10885"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}