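Vulnerability Details

Vulnerability Summary

Axis Network Camera 2.40 and earlier and Video Server versions before 3.12 contain a directory traversal vulnerability. A remote attacker can bypass authentication by means of a .. (dot dot) in an HTTP POST request to ServerManager.srv, and can then use those privileges to carry out other activities, such as modifying files with editcgi.cgi.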

Vulnerability Advisory

Axis Communications has released upgrades to deal with this issue. Please see the referenced Bugtraq message for more information.

Axis Communications 2401 Video Server 1.0 1
Axis Communications 2400 Video Server 1.0 1
Axis Communications 2400 Video Server 1.0 2
Axis Communications 2400 Video Server 1.10
Axis Communications 2400 Video Server 1.11
Axis Communications 2400 Video Server 1.12
Axis Communications 2400 Video Server 1.15
Axis Communications 2401 Video Server 1.15
Axis Communications 2400 Video Server 2.0
Axis Communications 2490 Serial Server 2.11.3
Axis Communications 2100 Network Camera 2.12
Axis Communications 2420 Network Camera 2.12
Axis Communications 2120 Network Camera 2.12
Axis Communications 2110 Network Camera 2.12
Axis Communications 2400 Video Server 2.20
Axis Communications 2401 Video Server 2.20
Axis Communications 2420 Network Camera 2.30
Axis Communications 2110 Network Camera 2.30
Axis Communications 2100 Network Camera 2.30
Axis Communications 2401 Video Server 2.30
Axis Communications 2400 Video Server 2.30

References

Source: BID  Name: 11011  Link: http://www.securityfocus.com/bid/11011
Source: SECTRACK  Name: 1011056  Link: http://securitytracker.com/id?1011056
Source: SECUNIA  Name: 12353  Link: http://secunia.com/advisories/12353
Source: FULLDISC  Name: 20040831 Axis Network Camera and Video Server Security Advisory  Link: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
Source: XF  Name: axis-directory-traversal(17079)  Link: http://xforce.iss.net/xforce/xfdb/17079
Source: OSVDB  Name: 9122  Link: http://www.osvdb.org/9122
Source: FULLDISC  Name: 20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers  Link: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html

Patches

    None available
