GoAhead WebServer出错页面绕过站点脚本漏洞

漏洞信息详情

GoAhead WebServer出错页面绕过站点脚本漏洞

• CNNVD编号：CNNVD-200207-088
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0681
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2002-07-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  goahead_software
• 漏洞来源：
  Discovery credited…

GoAhead Web Server 2.1版本存在跨站脚本漏洞。远程攻击者可以像其他用户样借助产生\”404 not found\”消息的URL脚本执行脚本，该漏洞不引用脚本。

An updated version of GoAhead WebServer has been released which addresses this issue. Users are advised to upgrade as soon as possible.
GoAhead Software GoAhead WebServer 2.1

• GoAhead Software GoAhead Server 2.1.6
  
  http://12.129.4.11/webserver/wsregister.asp

GoAhead Software GoAhead WebServer 2.1.1

• GoAhead Software GoAhead Server 2.1.6
  
  http://12.129.4.11/webserver/wsregister.asp

GoAhead Software GoAhead WebServer 2.1.2

• GoAhead Software GoAhead Server 2.1.6
  
  http://12.129.4.11/webserver/wsregister.asp

GoAhead Software GoAhead WebServer 2.1.3

• GoAhead Software GoAhead Server 2.1.6
  
  http://12.129.4.11/webserver/wsregister.asp

GoAhead Software GoAhead WebServer 2.1.4

• GoAhead Software GoAhead Server 2.1.6
  
  http://12.129.4.11/webserver/wsregister.asp

GoAhead Software GoAhead WebServer 2.1.5

• GoAhead Software GoAhead Server 2.1.6
  
  http://12.129.4.11/webserver/wsregister.asp

来源: BID
名称: 5198
链接:http://www.securityfocus.com/bid/5198

来源: XF
名称: goahead-error-msg-xss(9518)
链接:http://www.iss.net/security_center/static/9518.php

来源: BUGTRAQ
名称: 20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=102631742711795&w=2

来源: VULNWATCH
名称: 20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html