Vulnerability Details CVE-2002-2427
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
- http://www.kb.cert.org/vuls/id/124059
- http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518
- http://www.kb.cert.org/vuls/id/124059
Products affected by CVE-2002-2427
-
cpe:2.3:a:goahead:goahead_webserver:2.0
-
cpe:2.3:a:goahead:goahead_webserver:2.1