Vendor: Active Webcam Webserver
By: SecurityFocus
CVSS: 7.5 (HIGH)
Denial of Service, Installation Path Disclosure, Information Disclosure
CWE: 20, 200, 532
Product Name: Active Webcam Webserver
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Active Webcam Webserver Multiple Vulnerabilities

Active Webcam webserver is reported prone to multiple vulnerabilities:

Denial of service (floppy drive): a denial of service is reported to manifest when a request is received for a file that exists on a floppy drive. A remote attacker may exploit this issue to deny service for legitimate users.

Denial of service ('Filelist.html'): a denial of service is reported to exist when the 'Filelist.html' file is requested. A remote attacker may exploit this issue to deny service for legitimate users.

Installation path disclosure: it is reported that a request for a non-existent file will result in an error message that contains the installation path of the software. A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.

Information disclosure: it is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not. A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.

Mitigation:

Users should ensure that all requests for files are validated and that requests for non-existent files are not allowed.
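
One way to apply this mitigation, as an added example (not code from Active Webcam or from the original advisory): a minimal Python file handler that rejects drive-letter paths before any filesystem access and returns one identical 404 for every failure, so the response reveals neither the installation path nor whether a file exists. The function names, `GENERIC_404` and the temporary web root are assumptions made for the illustration.

```python
import os
import tempfile
from urllib.parse import unquote

GENERIC_404 = (404, "Not Found")  # one body for every failure: no path, no reason


def resolve(web_root, url_path):
    """Map a request path to a regular file under web_root, or return None."""
    rel = unquote(url_path.split("?", 1)[0]).lstrip("/")
    # Reject drive letters, backslashes and NULs before touching the filesystem,
    # so a request such as /A:\a.txt never reaches a removable-media device.
    if not rel or ":" in rel or "\\" in rel or "\x00" in rel:
        return None
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, rel))
    # The resolved path must stay inside the web root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def handle(web_root, url_path, log):
    """Return (status, body). Every failure shares the same response."""
    try:
        path = resolve(web_root, url_path)
        if path is None:
            log.append(f"rejected request path {url_path!r}")  # detail stays server-side
            return GENERIC_404
        with open(path, "rb") as fh:
            return 200, fh.read().decode("utf-8", "replace")
    except (OSError, ValueError) as exc:
        log.append(f"error serving {url_path!r}: {exc}")
        return GENERIC_404


def demo():
    """Constructed web root; the failing paths are the request shapes listed on this page."""
    log = []
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("ok")
        paths = ["/index.html", "/Filelist.html", "/A:\\a.txt", "/a"]
        results = {p: handle(root, p, log) for p in paths}
        # The web root path must never appear in any response body.
        leaked = any(root in body for _, body in results.values())
    return results, leaked, log
```
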
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12778/info

Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported:

The first issue, a denial of service, is reported to manifest when a request is received for a file that exists on a floppy drive.

A remote attacker may exploit this issue to deny service for legitimate users.

A denial of service is reported to exist when the 'Filelist.html' file is requested.

A remote attacker may exploit this issue to deny service for legitimate users.

An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software.

A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.

An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not.

A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer. 

http://www.example.com:8080/Filelist.html
http://www.example.com:8080/A:\a.txt
http://www.example.com:8080/a