• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GoAhead WebServer URL Encoded Slash Directory Traversal Vulnerability

Bugtraq ID:	5197
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 10 2002 12:00AM
Updated:	Jul 10 2002 12:00AM
Credit:	Discovery credited to Matt Moore <matt@westpoint.ltd.uk>.
Vulnerable:	Orange Software Orange Web Server 2.1 + GoAhead Software GoAhead WebServer 2.1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 MontaVista Software Hard Hat Linux 1.0 + GoAhead Software GoAhead WebServer 2.1 GoAhead Software GoAhead WebServer 2.1.5 GoAhead Software GoAhead WebServer 2.1.4 GoAhead Software GoAhead WebServer 2.1.3 GoAhead Software GoAhead WebServer 2.1.2 GoAhead Software GoAhead WebServer 2.1.1 GoAhead Software GoAhead WebServer 2.1 - Linux kernel 2.3 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows CE 3.0 - Microsoft Windows CE 2.0 - Microsoft Windows NT 4.0
Not Vulnerable: