漏洞信息详情
GoAhead WebServer出错页面绕过站点脚本漏洞
- CNNVD编号:CNNVD-200207-088
- 危害等级: 高危
- CVE编号: CVE-2002-0681
- 漏洞类型: 跨站脚本
- 发布时间: 2002-07-23
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: goahead_software
- 漏洞来源: .');">Discovery credited...
漏洞简介
GoAhead Web Server 2.1版本存在跨站脚本漏洞。远程攻击者可以像其他用户样借助产生\"404 not found\"消息的URL脚本执行脚本,该漏洞不引用脚本。
漏洞公告
An updated version of GoAhead WebServer has been released which addresses this issue. Users are advised to upgrade as soon as possible. GoAhead Software GoAhead WebServer 2.1
- GoAhead Software GoAhead Server 2.1.6 http://12.129.4.11/webserver/wsregister.asp
- GoAhead Software GoAhead Server 2.1.6 http://12.129.4.11/webserver/wsregister.asp
- GoAhead Software GoAhead Server 2.1.6 http://12.129.4.11/webserver/wsregister.asp
- GoAhead Software GoAhead Server 2.1.6 http://12.129.4.11/webserver/wsregister.asp
- GoAhead Software GoAhead Server 2.1.6 http://12.129.4.11/webserver/wsregister.asp
- GoAhead Software GoAhead Server 2.1.6 http://12.129.4.11/webserver/wsregister.asp
参考网址
来源: BID 名称: 5198 链接:http://www.securityfocus.com/bid/5198 来源: XF 名称: goahead-error-msg-xss(9518) 链接:http://www.iss.net/security_center/static/9518.php 来源: BUGTRAQ 名称: 20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=102631742711795&w=2 来源: VULNWATCH 名称: 20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting 链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.HTML
受影响实体
- Goahead_software Goahead_webserver:2.1.5
- Goahead_software Goahead_webserver:2.1.2
- Goahead_software Goahead_webserver:2.1.3
- Goahead_software Goahead_webserver:2.1.4
- Goahead_software Goahead_webserver:2.1.1
补丁
暂无
评论