{"vuid":"VU#975041","idnumber":"975041","name":"GoAhead Web Server discloses source code of ASP files via crafted URL","keywords":["GoAhead","source code","ASP file","crafted URL"],"overview":"An input validation vulnerability in the GoAhead Web Server allows attackers to view sensitive information. This issue is also referenced in VU#124059.","clean_desc":"The GoAhead Web Server inadequately filters user-supplied input. Specifically, the server does not properly filter malformed requests for .asp files. For more detailed information, please see ProCheckUp Security Bulletin PR02-13 [archive.org].","impact":"A remote attacker can gain access to sensitive information.","resolution":"Release notes for GoAhead WebServer 2.1.8 indicate that this vulnerability has been addressed.","workarounds":"","sysaffected":"","thanks":"Thanks to Steve Knight for reporting this vulnerability.","author":"This document was written by Ian A Finlay.","public":["http://www.procheckup.com/security_info/vuln_pr0213.html","http://web.archive.org/web/20030110134751/http://www.procheckup.com/security_info/vuln_pr0213.html","http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp","http://aluigi.altervista.org/adv/goahead-adv3.txt"],"cveids":["CVE-2002-1603"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-08-22T18:35:41Z","publicdate":"2002-12-17T00:00:00Z","datefirstpublished":"2002-12-17T14:36:16Z","dateupdated":"2010-01-11T05:42:48Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"1","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"5","cam_impact":"4","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"1.9125","cam_scorecurrentwidelyknown":"4.1625","cam_scorecurrentwidelyknownexploited":"6.4125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.9125,"vulnote":null}