goahead goahead webserver 2.0 vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

webs.c in GoAhead WebServer prior to 2.1.4 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.

Goahead Goahead Webserver Goahead Goahead Webserver 2.1.2 Goahead Goahead Webserver 2.1.1 Goahead Goahead Webserver 2.1 Goahead Goahead Webserver 2.0

5

CVSSv2

webs.c in GoAhead WebServer prior to 2.1.4 allows remote malicious users to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.

Goahead Goahead Webserver 2.1 Goahead Goahead Webserver 2.1.2 Goahead Goahead Webserver 2.0 Goahead Goahead Webserver Goahead Goahead Webserver 2.1.1

7.5

CVSSv2

Unspecified vulnerability in GoAhead WebServer prior to 2.1.4 allows remote malicious users to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.

Goahead Goahead Webserver 2.1.2 Goahead Goahead Webserver 2.1.1 Goahead Goahead Webserver 2.1 Goahead Goahead Webserver 2.0 Goahead Goahead Webserver

5

CVSSv2

GoAhead WebServer prior to 2.1.6 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.

Goahead Goahead Webserver 2.1.2 Goahead Goahead Webserver 2.1 Goahead Software Goahead Webserver Goahead Software Goahead Webserver 2.1.4 Goahead Software Goahead Webserver 2.1.3 Goahead Goahead Webserver 2.1.1 Goahead Goahead Webserver 2.0

5

CVSSv2

The security handler in GoAhead WebServer prior to 2.1.1 allows remote malicious users to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.

Goahead Goahead Webserver Goahead Goahead Webserver 2.0

5

CVSSv2

GoAhead WebServer prior to 2.1.1 allows remote malicious users to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.

Goahead Goahead Webserver 2.0 Goahead Goahead Webserver

5

CVSSv2

GoAhead Web Server 2.1.7 and previous versions allows remote malicious users to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

Goahead Software Goahead Webserver 2.1.2 Goahead Software Goahead Webserver 2.1.3 Goahead Software Goahead Webserver 2.0 Goahead Software Goahead Webserver 2.1.6 Goahead Software Goahead Webserver 2.1.7 Goahead Software Goahead Webserver 2.1 Goahead Software Goahead Webserver 2.1.1 Goahead Software Goahead Webserver 2.1.4 Goahead Software Goahead Webserver 2.1.5

1 EDB exploit

5

CVSSv2

Directory traversal vulnerability in GoAhead web server 2.1 and previous versions allows remote malicious users to read arbitrary files via a .. attack in an HTTP GET request.

Goahead Software Goahead Webserver V.2.0 Goahead Software Goahead Webserver V.2.1

1 EDB exploit

5

CVSSv2

GoAhead WebServer prior to 2.1.5 on Windows 95, 98, and ME allows remote malicious users to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.

Goahead Goahead Webserver 2.1.3 Goahead Goahead Webserver 2.1.1 Goahead Goahead Webserver 2.0 Goahead Goahead Webserver Goahead Goahead Webserver 2.1.2 Goahead Goahead Webserver 2.1

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook