Details of VAR-200902-0685

ID

VAR-200902-0685

CVE

CVE-2002-2431

TITLE

GoAhead WebServer 'socketInputBuffered function ' Unknown vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200902-116

DESCRIPTION

Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. It has to do with incorrect use of the socketInputBuffered function

Trust: 1.26

sources: NVD: CVE-2002-2431 // BID: 33838 // VULHUB: VHN-6814

AFFECTED PRODUCTS

vendor:	goahead	model:	webserver	scope:	eq	version:	2.1	Trust: 1.6
vendor:	goahead	model:	webserver	scope:	eq	version:	2.0	Trust: 1.6
vendor:	goahead	model:	webserver	scope:	eq	version:	2.1.2	Trust: 1.6
vendor:	goahead	model:	webserver	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	goahead	model:	webserver	scope:	lte	version:	2.1.3	Trust: 1.0
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1	Trust: 0.6
vendor:	goahead	model:	webserver	scope:	eq	version:	2.1.3	Trust: 0.6
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.4	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	eq	version:	2.0	Trust: 0.3
vendor:	goahead	model:	software goahead webserver	scope:	ne	version:	2.1.6	Trust: 0.3

sources: BID: 33838 // CNNVD: CNNVD-200902-116 // NVD: CVE-2002-2431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2431
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200902-116
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6814
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2431
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6814
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6814 // CNNVD: CNNVD-200902-116 // NVD: CVE-2002-2431

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2002-2431

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-116

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200902-116

EXTERNAL IDS

db:	NVD	id:	CVE-2002-2431	Trust: 2.0
db:	CNNVD	id:	CNNVD-200902-116	Trust: 0.7
db:	BID	id:	33838	Trust: 0.3
db:	VULHUB	id:	VHN-6814	Trust: 0.1

sources: VULHUB: VHN-6814 // BID: 33838 // CNNVD: CNNVD-200902-116 // NVD: CVE-2002-2431

REFERENCES

url:	http://data.goahead.com/software/webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c	Trust: 1.7
url:	http://data.goahead.com/software/webserver/2.1.6/release.htm	Trust: 0.3
url:	http://www.goahead.com/	Trust: 0.3

sources: VULHUB: VHN-6814 // BID: 33838 // CNNVD: CNNVD-200902-116 // NVD: CVE-2002-2431

CREDITS

Richard Cullen, Luigi Auriemma, and the vendor.

Trust: 0.9

sources: BID: 33838 // CNNVD: CNNVD-200902-116

SOURCES

db:	VULHUB	id:	VHN-6814
db:	BID	id:	33838
db:	CNNVD	id:	CNNVD-200902-116
db:	NVD	id:	CVE-2002-2431

LAST UPDATE DATE

2024-08-14T13:49:48.868000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6814	date:	2009-02-09T00:00:00
db:	BID	id:	33838	date:	2009-02-19T22:10:00
db:	CNNVD	id:	CNNVD-200902-116	date:	2009-02-09T00:00:00
db:	NVD	id:	CVE-2002-2431	date:	2009-02-09T05:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6814	date:	2009-02-06T00:00:00
db:	BID	id:	33838	date:	2002-10-17T00:00:00
db:	CNNVD	id:	CNNVD-200902-116	date:	2009-02-06T00:00:00
db:	NVD	id:	CVE-2002-2431	date:	2009-02-06T19:30:00.377