CVE-2002-2427

Опубликовано: 06 фев. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.

Ссылки

http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
Vendor Advisory
http://www.kb.cert.org/vuls/id/124059
US Government Resource
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
Vendor Advisory
http://www.kb.cert.org/vuls/id/124059
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*

Версия до 2.1 (включая)

cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-qx66-p5pw-67mr

github

почти 4 года назад