Vulnerabilities > CVE-2004-2426 - Unspecified vulnerability in Axis products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Vulnerable Configurations
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://secunia.com/advisories/12353
- http://secunia.com/advisories/12353
- http://securitytracker.com/id?1011056
- http://securitytracker.com/id?1011056
- http://www.osvdb.org/9122
- http://www.osvdb.org/9122
- http://www.securityfocus.com/bid/11011
- http://www.securityfocus.com/bid/11011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17079
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17079