Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)

vendor:

Geovision Digital Video Surveillance System (geohttpserver)

by:

Dejan Levaja

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: Geovision Digital Video Surveillance System (geohttpserver)

Affected Version From: 8.2

Affected Version To: 8.2

Patch Exists: YES

Related CWE: N/A

CPE: a:geovision:geovision_digital_video_surveillance_system

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)

A directory traversal vulnerability exists in Geovision Digital Video Surveillance System (geohttpserver) version 8.2, which allows an attacker to access arbitrary files on the system. This is achieved by sending a specially crafted HTTP request containing directory traversal sequences such as '../' to the vulnerable server.

Mitigation:

Upgrade to version 8.3 of Geovision Digital Video Surveillance System (geohttpserver)

Source

Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)

Mitigation:

Exploit-DB raw data: