Описание
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, , %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
Ссылки
- ExploitVendor Advisory
- Exploit
- US Government Resource
- Third Party AdvisoryUS Government Resource
- Exploit
- ExploitVendor Advisory
- Exploit
- US Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:goahead_software:goahead_webserver:2.0:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:goahead_software:goahead_webserver:2.1.7:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.35746
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
EPSS
Процентиль: 97%
0.35746
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other