PT-2003-2331 · Axis · Axis 2400 Video Server

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1386

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions AXIS 2400 Video Server versions 2.00 through 2.33

Description The issue allows remote attackers to obtain sensitive information via an HTTP request to "/support/messages", which displays the server's /var/log/messages file.

Recommendations For versions 2.00 through 2.33, as a temporary workaround, consider restricting access to the "/support/messages" endpoint until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2003-1386

Affected Products

Axis 2400 Video Server

PT-2003-2331 · Axis · Axis 2400 Video Server

CVE-2003-1386

Weakness Enumeration

Related Identifiers

Affected Products

References · 7