Executive Summary
Summary | |
---|---|
Title | GoAhead Webserver information disclosure vulnerability |
Information | |||
---|---|---|---|
Name | VU#124059 | First vendor Publication | 2009-02-05 |
Vendor | VU-CERT | Last vendor Modification | 2009-02-06 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#124059
GoAhead Webserver information disclosure vulnerability

Overview
The GoAhead web server contains an information disclosure vulnerability that may allow an attacker to bypass authentication and view system configuration files or passwords. This issue was previously published under VU#975041.

I. Description
The GoAhead web server contains an information disclosure vulnerability. By sending the web interface a specially crafted URL, an attacker may be able to bypass authentication and view arbitrary system files.

II. Impact
An attacker may be able to view any file on the web server, including files that contain usernames and passwords.

III. Solution
The GoAhead webserver is not being actively maintained. Vendors who redistribute the GoAhead webserver may release updates to address this issue. See the systems affected section below for more information.

Limit network access
References
Thanks to Daniel Peck of Digital Bond, Inc. for reporting this issue. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/124059 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-287 | Improper Authentication |
50 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-08-22 | Name : GoAhead WebServer Script Source Code Disclosure File : nvt/goaheadwebserver_source_disclosure.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56425 | GoAhead WebServer Extra Slash Request Authentication Bypass |
54118 | Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module Web In... |
13295 | GoAhead WebServer Crafted File Request Script Source Disclosure: GoAhead WebServer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when prefixing an ASP filename with specific characters (/), (\), (%20) or (%00), which will disclose the source file code resulting in a loss of confidentiality. |