Sign-up

ID

VAR-200207-0044


CVE

CVE-2002-0681


TITLE

GoAhead WebServer Error page bypassing site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200207-088

DESCRIPTION

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems. GoAhead WebServer includes unsanitized requested URLs when displaying a 404 error page. An attacker may be able to trick a user into following a link which includes malicious script code, and executing the attack

Trust: 1.26

sources: NVD: CVE-2002-0681 // BID: 5198 // VULHUB: VHN-5072

AFFECTED PRODUCTS

vendor:goaheadmodel:webserverscope:eqversion:2.1.2

Trust: 1.6

vendor:goaheadmodel:webserverscope:eqversion:2.1.4

Trust: 1.6

vendor:goaheadmodel:webserverscope:eqversion:2.1.1

Trust: 1.6

vendor:goaheadmodel:webserverscope:eqversion:2.1.5

Trust: 1.6

vendor:goaheadmodel:webserverscope:eqversion:2.1.3

Trust: 1.6

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1

Trust: 0.6

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1.5

Trust: 0.3

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1.4

Trust: 0.3

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1.3

Trust: 0.3

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1.2

Trust: 0.3

vendor:goaheadmodel:software goahead webserverscope:eqversion:2.1.1

Trust: 0.3

vendor:goaheadmodel:software goahead webserverscope:neversion:2.1.6

Trust: 0.3

sources: BID: 5198 // CNNVD: CNNVD-200207-088 // NVD: CVE-2002-0681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0681
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200207-088
value: HIGH

Trust: 0.6

VULHUB: VHN-5072
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0681
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5072
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5072 // CNNVD: CNNVD-200207-088 // NVD: CVE-2002-0681

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200207-088

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200207-088

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-5072

EXTERNAL IDS
db:BIDid:5198
Trust: 2.0
db:NVDid:CVE-2002-0681
Trust: 2.0
db:OSVDBid:81099
Trust: 1.1
db:VULNWATCHid:20020710 [VULNWATCH] WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING
Trust: 0.6
db:XFid:9518
Trust: 0.6
db:BUGTRAQid:20020710 WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING
Trust: 0.6
db:CNNVDid:CNNVD-200207-088
Trust: 0.6
db:EXPLOIT-DBid:21608
Trust: 0.1
db:SEEBUGid:SSVID-75433
Trust: 0.1
db:VULHUBid:VHN-5072
Trust: 0.1
sources:
            
            
            VULHUB: VHN-5072 // 
            
            
            
            BID: 5198 // 
            
            
            
            CNNVD: CNNVD-200207-088 // 
            
            
            
            NVD: CVE-2002-0681

REFERENCES
url:http://www.securityfocus.com/bid/5198
Trust: 1.7
url:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html
Trust: 1.7
url:http://www.iss.net/security_center/static/9518.php
Trust: 1.7
url:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
Trust: 1.1
url:http://osvdb.org/81099
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=102631742711795&w=2
Trust: 1.0
url:http://marc.theaimsgroup.com/?l=bugtraq&m=102631742711795&w=2
Trust: 0.6
url:http://www.goahead.com/webserver/webserver.htm
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=102631742711795&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-5072 // 
            
            
            
            BID: 5198 // 
            
            
            
            CNNVD: CNNVD-200207-088 // 
            
            
            
            NVD: CVE-2002-0681

CREDITS
Discovery credited to Matt Moore <matt@westpoint.ltd.uk>.
Trust: 0.9
sources:
            
            
            BID: 5198 // 
            
            
            
            CNNVD: CNNVD-200207-088

SOURCES
db:VULHUBid:VHN-5072
db:BIDid:5198
db:CNNVDid:CNNVD-200207-088
db:NVDid:CVE-2002-0681

LAST UPDATE DATE
2025-04-03T21:50:32.911000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-5072date:2017-12-20T00:00:00
db:BIDid:5198date:2009-07-11T14:56:00
db:CNNVDid:CNNVD-200207-088date:2005-10-20T00:00:00
db:NVDid:CVE-2002-0681date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE
db:VULHUBid:VHN-5072date:2002-07-23T00:00:00
db:BIDid:5198date:2002-07-10T00:00:00
db:CNNVDid:CNNVD-200207-088date:2002-07-23T00:00:00
db:NVDid:CVE-2002-0681date:2002-07-23T04:00:00