CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1568
https://notcve.org/view.php?id=CVE-2003-1568
06 Feb 2009 — GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. GoAhead WebServer anterior a v2.1.6 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo o caída de demonio) a través de una URL invalida, relacionada con la función websSafeUrl. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-1569
https://notcve.org/view.php?id=CVE-2003-1569
06 Feb 2009 — GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer anterior a v2.1.5 en Windows 95, 98, and ME permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP con un nombre de dispositivo en un componente de ruta 1) con, (2) nu... • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2427
https://notcve.org/view.php?id=CVE-2002-2427
06 Feb 2009 — The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. The security handler en GoAhead WebServer anterior a v2.1.1 permite a atacantes remotos evitar la autenticación y obtener aaceso a contenido web protegido a través de "un caracter extra en una URL", una vulnerabilidad diferente a CVE-2002-1603. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2428
https://notcve.org/view.php?id=CVE-2002-2428
06 Feb 2009 — webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de una petición HTTP POST que contiene una cabecera Content-Length pero no datos del cuerpo. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2429
https://notcve.org/view.php?id=CVE-2002-2429
06 Feb 2009 — webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP POST que contiene un entero negativo en la cabecera Content-Length. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2430
https://notcve.org/view.php?id=CVE-2002-2430
06 Feb 2009 — GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. GoAhead WebServer anterior a v2.1.1 permite a actacantes remotos provocar una denegación de servicio (consumo de CPU)implicando una desconexión de socket que finalizará una petición antes de que ésta haya sido totalmente procesada por el servidor. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2431
https://notcve.org/view.php?id=CVE-2002-2431
06 Feb 2009 — Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. Vulnerabilidad sin especificar en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar "funcionamiento incorrecto" a través de "código malicioso" desconocido, relacionado con el uso incorrecto de la función "socketInputBuffered" en sockGen.c. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 3CVE-2002-1951 – GoAhead Web Server 2.1 - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2002-1951
31 Dec 2002 — Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. • https://www.exploit-db.com/exploits/21707 •
CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 1CVE-2002-0680 – GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0680
12 Jul 2002 — Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. Vulnerabilidad de atravesamiento de directorios en GoAhead Web Server 2.1 permite a atacantes remotos mediante una URL con una "/" (carácter barra) codificada (%5C) en una secuencia .. (punto punto) • https://www.exploit-db.com/exploits/21607 •
CVSS: 7.5EPSS: 31%CPEs: 9EXPL: 4CVE-2002-1603 – GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure
https://notcve.org/view.php?id=CVE-2002-1603
13 Feb 2002 — GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. • https://www.exploit-db.com/exploits/23446 •