Auth bypass in Goahead Goahead_webserver

CVE-2002-2427

The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.

Vulnerability class: Broken Authentication

EPSS: 0.013 (67.3th percentile) — read the EPSS interpretation.

Affected products

Goahead Goahead_webserver — versions 2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (US Government Resource, x_refsource_CERT-VN, third-party-advisory)