cbcvebase.

Goahead Webserver vulnerabilities

8 known vulnerabilities affecting goahead/goahead_webserver.

Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2011-4273P4MEDIUMCVSS 4.3PoCv2.1.82011-11-03
CVE-2011-4273 [MEDIUM] CWE-79 CVE-2011-4273: Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUs
nvd
CVE-2002-2431P4HIGHCVSS 7.5≤ 2.1.3v2.0+3 more2009-02-06
CVE-2002-2431 [HIGH] CVE-2002-2431: Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorr Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
nvd
CVE-2002-2427P4MEDIUMCVSS 5.0≤ 2.1v2.02009-02-06
CVE-2002-2427 [MEDIUM] CVE-2002-2427: The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authenticat The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
nvd
CVE-2002-2428P4MEDIUMCVSS 5.0≤ 2.1.3v2.0+3 more2009-02-06
CVE-2002-2428 [MEDIUM] CWE-20 CVE-2002-2428: webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
nvd
CVE-2003-1568P4MEDIUMCVSS 5.0v2.0v2.1+2 more2009-02-06
CVE-2003-1568 [MEDIUM] CWE-20 CVE-2003-1568: GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer de GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
nvd
CVE-2002-2429P4MEDIUMCVSS 5.0≤ 2.1.3v2.0+3 more2009-02-06
CVE-2002-2429 [MEDIUM] CWE-20 CVE-2002-2429: webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemo webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
nvd
CVE-2003-1569P4MEDIUMCVSS 5.0≤ 2.1.4v2.0+4 more2009-02-06
CVE-2003-1569 [MEDIUM] CVE-2003-1569: GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial o GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
nvd
CVE-2002-2430P4MEDIUMCVSS 5.0≤ 2.1v2.02009-02-06
CVE-2002-2430 [MEDIUM] CWE-399 CVE-2002-2430: GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
nvd
Goahead Webserver vulnerabilities | cvebase