漏洞信息详情
Axis Network Camera And Video Server多个漏洞
- CNNVD编号:CNNVD-200412-745
- 危害等级: 低危
- CVE编号: CVE-2004-2426
- 漏洞类型: 路径遍历
- 发布时间: 2004-12-31
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: axis
- 漏洞来源: disclosed these vulnerabilities.');">bashis <>
漏洞简介
Axis Network Camera 2.40及其以前的版本和Video Server 3.12以前的版本存在目录遍历漏洞。远程攻击者借助ServerManager.srv的HTTP POST请求中的..(点 点)绕过认证,然后使用这些权限来进行其他活动,如使用editcgi.cgi修改文件。
漏洞公告
Axis Communications has released upgrades to deal with this issue. Please see the referenced Bugtraq message for more information. Axis Communications 2401 Video Server 1.0 1
- Axis Communications Axis 2401 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/2_34_1/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2401 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/2_34_1/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2490 Serial Server (2.12) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2490/release_candidate/3_13/
- Axis Communications Axis 2100 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/release_candidate/2_42/
- Axis Communications Axis 2420 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/release_candidate/2_42/
- Axis Communications Axis 2120 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2120/release_candidate/2_42/
- Axis Communications Axis 2110 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/release_candidate/2_42/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
- Axis Communications Axis 2400+ Video Server (3.13) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400p/release_candidate/3_13/
- Axis Communications Axis 2401 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/2_34_1/
- Axis Communications Axis 2420 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2420/release_candidate/2_42/
- Axis Communications Axis 2110 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2110/release_candidate/2_42/
- Axis Communications Axis 2100 Network Camera (2.42) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2100/release_candidate/2_42/
- Axis Communications Axis 2401 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2401/sr/2_34_1/
- Axis Communications Axis 2400 Video Server (2.34.1) ftp://ftp.axis.com/pub_soft/cam_srv/cam_2400/sr/2_34_1/
-
Axis Communications Axis 2400+ Video Server (3.13)
参考网址
来源: BID 名称: 11011 链接:http://www.securityfocus.com/bid/11011 来源: SECTRACK 名称: 1011056 链接:http://securitytracker.com/id?1011056 来源: SECUNIA 名称: 12353 链接:http://secunia.com/advisories/12353 来源: FULLDISC 名称: 20040831 Axis Network Camera and Video Server Security Advisory 链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.HTML 来源: XF 名称: axis-directory-traversal(17079) 链接:http://xforce.iss.net/xforce/xfdb/17079 来源: OSVDB 名称: 9122 链接:http://www.osvdb.org/9122 来源: FULLDISC 名称: 20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers 链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.HTML
受影响实体
- Axis 2400_video_server:2.34
- Axis 2400_video_server:2.33
- Axis 2400_video_server:2.32
- Axis 2400_video_server:2.31
- Axis 2400_video_server:3.11
补丁
暂无
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
评论