Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
Max CVSS
4.3
EPSS Score
0.42%
Published
2011-11-03
Updated
2017-08-29
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Max CVSS
5.0
EPSS Score
0.17%
Published
2011-12-27
Updated
2011-12-28
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
Max CVSS
5.0
EPSS Score
0.18%
Published
2009-02-06
Updated
2009-02-09
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
Max CVSS
5.0
EPSS Score
0.15%
Published
2009-02-06
Updated
2009-02-09
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
Max CVSS
7.5
EPSS Score
0.31%
Published
2009-02-06
Updated
2009-02-09
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
Max CVSS
5.0
EPSS Score
0.17%
Published
2009-02-06
Updated
2009-02-06
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
Max CVSS
5.0
EPSS Score
0.18%
Published
2009-02-06
Updated
2009-02-06
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
Max CVSS
5.0
EPSS Score
0.15%
Published
2009-02-06
Updated
2009-07-23
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
Max CVSS
5.0
EPSS Score
0.15%
Published
2009-02-06
Updated
2009-07-23
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!