CVE-2003-1386

Severity

64%

Complexity

99%

Confidentiality

81%

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P).

Overview

Type

Axis Communications AXIS

First reported 21 years ago

2003-12-31 05:00:00

Last updated 7 years ago

2017-07-29 01:29:00

Affected Software

Axis Communications AXIS 2400 Video Server 2.0

2.0

Axis Communications AXIS 2400 Video Server 2.20

2.20

Axis Communications AXIS 2400 Video Server 2.31

2.31

Axis Communications AXIS 2400 Video Server 2.32

2.32

Axis Communications AXIS 2400 Video Server 2.33

2.33

Axis Communications AXIS 2401 Video Server 2.20

2.20

Axis Communications AXIS 2401 Video Server 2.31

2.31

Axis Communications AXIS 2401 Video Server 2.32

2.32

Axis Communications AXIS 2401 Video Server 2.33

2.33

References

20030228 axis2400 webcams

20030325 Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI

6980

http://www.websec.org/adv/axis2400.txt.html

axis-messages-unauth-access(11440)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.