Axis Communications HTTP Server Messages Information Disclosure Vulnerability

Vulnerability ID: 1107229    Vulnerability type: Permissions and access control
Published: 2003-02-28    Updated: 2003-12-31
CVE ID: CVE-2003-1386    CNNVD-ID: CNNVD-200312-262
Platform: Multiple    CVSS score: 6.4
|Vulnerability source
https://www.exploit-db.com/exploits/22296
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-262
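|Vulnerability details
A vulnerability exists in AXIS 2400 Video Server versions 2.00 through 2.33. A remote attacker can obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
|Exploit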
source: http://www.securityfocus.com/bid/6980/info

It has been reported that the Axis Video Server does not properly secure sensitive information. Because of this, an attacker may be able to gather details about server operation and traffic that could lead to further attacks. 

http://www.example.com/support/messages
|References

Source: XF
Name: axis-messages-unauth-access(11440)
Link: http://xforce.iss.net/xforce/xfdb/11440
Source: www.websec.org
Link: http://www.websec.org/adv/axis2400.txt.html
Source: BID
Name: 6980
Link: http://www.securityfocus.com/bid/6980
Source: BUGTRAQ
Name: 20030325 Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI
Link: http://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html
Source: BUGTRAQ
Name: 20030228 axis2400 webcams
Link: http://archives.neohapsis.com/archives/bugtraq/2003-02/0377.html