CVE-2002-1603
CVSS5.0
发布时间 :2002-02-13 00:00:00
修订时间 :2009-02-10 00:22:32
NMCOES    

[原文]GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.


[CNNVD]GoAhead Webserver ASP脚本文件源代码泄露漏洞(CNNVD-200202-008)

        
        GoAhead WebServer是一款开放源代码的嵌入式WEB服务器程序,支持Active Server Pages,嵌入式Javascript,SSL验证和加密,广泛使用在Microsoft Windows和Linux操作系统下。
        GoAhead WebServer未能充分过滤HTTP请求,远程攻击者可以利用这个漏洞获得ASP脚本代码的源代码信息。
        GoAhead WebServer支持ASP文件的执行,攻击者通过在ASP文件后增加部分URL编码字符,如'%00, %2f, %5c, /',就会导致服务程序返回包含源代码数据的信息给攻击者。攻击者利用这些信息可进一步对系统进行攻击。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:goahead_software:goahead_webserver:2.1.5
cpe:/a:goahead_software:goahead_webserver:2.1.4
cpe:/a:goahead_software:goahead_webserver:2.1.3
cpe:/a:goahead_software:goahead_webserver:2.1.1
cpe:/a:goahead_software:goahead_webserver:2.1
cpe:/a:goahead_software:goahead_webserver:2.1.7
cpe:/a:goahead_software:goahead_webserver:2.1.6
cpe:/a:goahead_software:goahead_webserver:2.1.2
cpe:/a:goahead_software:goahead_webserver:2.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1603
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200202-008
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/975041
(VENDOR_ADVISORY)  CERT-VN  VU#975041
http://www.kb.cert.org/vuls/id/124059
(UNKNOWN)  CERT-VN  VU#124059
http://xforce.iss.net/xforce/xfdb/10885
(UNKNOWN)  XF  goahead-script-source-disclosure(10885)
http://www.securityfocus.com/bid/9239
(UNKNOWN)  BID  9239
http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
(UNKNOWN)  MISC  http://www.procheckup.com/PDFs/ProCheckUp_Vulns_2002.pdf
http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
(UNKNOWN)  CONFIRM  http://www.kb.cert.org/vuls/id/RGII-7MWKZ3
http://securitytracker.com/id?1005820
(UNKNOWN)  SECTRACK  1005820
http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
(UNKNOWN)  CONFIRM  http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729
http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
(UNKNOWN)  CONFIRM  http://data.goahead.com/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
http://aluigi.altervista.org/adv/goahead-adv3.txt
(VENDOR_ADVISORY)  MISC  http://aluigi.altervista.org/adv/goahead-adv3.txt
http://www.osvdb.org/13295
(UNKNOWN)  OSVDB  13295
http://secunia.com/advisories/7741
(UNKNOWN)  SECUNIA  7741

- 漏洞信息

GoAhead Webserver ASP脚本文件源代码泄露漏洞
中危 其他
2002-02-13 00:00:00 2009-02-10 00:00:00
远程  
        
        GoAhead WebServer是一款开放源代码的嵌入式WEB服务器程序,支持Active Server Pages,嵌入式Javascript,SSL验证和加密,广泛使用在Microsoft Windows和Linux操作系统下。
        GoAhead WebServer未能充分过滤HTTP请求,远程攻击者可以利用这个漏洞获得ASP脚本代码的源代码信息。
        GoAhead WebServer支持ASP文件的执行,攻击者通过在ASP文件后增加部分URL编码字符,如'%00, %2f, %5c, /',就会导致服务程序返回包含源代码数据的信息给攻击者。攻击者利用这些信息可进一步对系统进行攻击。
        

- 公告与补丁

        厂商补丁:
        GoAhead Software
        ----------------
        目前厂商已经在2.1.8版本的软件中修复了这个安全问题,请到厂商的主页下载:
        
        http://www.goahead.com/webserver/webserver.htm

- 漏洞信息 (23446)

GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability (EDBID:23446)
windows remote
2002-12-17 Verified
0 Luigi Auriemma
N/A [点击下载]
source: http://www.securityfocus.com/bid/9239/info

A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.

An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

This issue affects GoAhead 2.1.7 and earlier. 

http://www.example.com/asp.asp%00
http://www.example.com/asp.asp%2f
http://www.example.com/asp.asp%5c
http://www.example.com/asp.asp/
http://www.example.com/asp.asp 		

- 漏洞信息

13295
GoAhead WebServer Crafted File Request Script Source Disclosure
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality Upgrade
Exploit Public Vendor Verified

- 漏洞描述

GoAhead WebServer contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when prefixing an ASP filename with specific characters (/), (\), (%20) or (%00), which will disclose the source file code resulting in a loss of confidentiality.

- 时间线

2002-12-17 Unknow
2003-12-17 Unknow

- 解决方案

Upgrade to version 2.1.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

GoAhead Webserver ASP Script File Source Code Disclosure Vulnerability
Failure to Handle Exceptional Conditions 9239
Yes No
2003-12-17 12:00:00 2009-02-19 09:47:00
Discovery of this vulnerability has been credited to Luigi Auriemma <aluigi@altervista.org>.

- 受影响的程序版本

Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge 0
GoAhead Software GoAhead WebServer 2.1.7
GoAhead Software GoAhead WebServer 2.1.6
GoAhead Software GoAhead WebServer 2.1.5
GoAhead Software GoAhead WebServer 2.1.4
GoAhead Software GoAhead WebServer 2.1.3
GoAhead Software GoAhead WebServer 2.1.2
GoAhead Software GoAhead WebServer 2.1.1
GoAhead Software GoAhead WebServer 2.1
- Linux kernel 2.3
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows NT 4.0
GoAhead Software GoAhead WebServer 2.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows NT 4.0
GoAhead Software GoAhead WebServer 2.1.8

- 不受影响的程序版本

GoAhead Software GoAhead WebServer 2.1.8

- 漏洞讨论

A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.

An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

This issue affects GoAhead 2.1.7 and earlier.

- 漏洞利用

The following proof of concept has been supplied:

http://www.example.com/asp.asp%00
http://www.example.com/asp.asp%2f
http://www.example.com/asp.asp%5c
http://www.example.com/asp.asp/
http://www.example.com/asp.asp

- 解决方案

The vendor has released GoAhead 2.1.8 to address this issue. Contact the vendor for details.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站