goahead 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk input validation and vendor risk cross-site scripting などに関し、一部は vendor impact unexpected behavior を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2017-18377 | An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI. | [email protected] | 9.8 | 19.86% | 2019-06-11 | 2024-11-21 |
| CVE-2009-5111 | GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | [email protected] | 5.0 | 0.44% | 2011-12-27 | 2026-04-29 |
| CVE-2011-4273 | Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. | [email protected] | 4.3 | 1.05% | 2011-11-03 | 2026-04-29 |
| CVE-2003-1569 | GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | [email protected] | 5.0 | 0.44% | 2009-02-06 | 2026-04-23 |
| CVE-2003-1568 | GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. | [email protected] | 5.0 | 0.44% | 2009-02-06 | 2026-04-23 |
| CVE-2002-2431 | Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. | [email protected] | 7.5 | 0.42% | 2009-02-06 | 2026-04-23 |
| CVE-2002-2430 | GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. | [email protected] | 5.0 | 0.44% | 2009-02-06 | 2026-04-23 |
| CVE-2002-2429 | webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. | [email protected] | 5.0 | 0.44% | 2009-02-06 | 2026-04-23 |
| CVE-2002-2428 | webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. | [email protected] | 5.0 | 0.44% | 2009-02-06 | 2026-04-23 |
| CVE-2002-2427 | The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | [email protected] | 5.0 | 0.30% | 2009-02-06 | 2026-04-23 |