PY Software Active Webcam Webserver Multiple Vulnerabilities
BID:12778
Info
| Bugtraq ID: | 12778 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 10 2005 12:00AM |
| Updated: | Mar 10 2005 12:00AM |
| Credit: | Discovery of these issues is credited to "Sowhat ." <[email protected]>. |
| Vulnerable: | PY Software Active WebCam 5.5; PY Software Active WebCam 4.3 |
| Not Vulnerable: | |
Discussion
Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported:
The first issue, a denial of service, is reported to manifest when a request is received for a file that exists on a floppy drive.
A remote attacker may exploit this issue to deny service for legitimate users.
A denial of service is reported to exist when the 'Filelist.html' file is requested.
A remote attacker may exploit this issue to deny service for legitimate users.
An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software.
A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.
An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not.
A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.
Exploit / POC
The following examples are available:
http://www.example.com:8080/Filelist.html
http://www.example.com:8080/A:\a.txt
http://www.example.com:8080/a
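An added example, not part of the original advisory: a log check that flags the two request shapes reported above to cause denial of service (a drive-letter path and 'Filelist.html'). It assumes the requests are recorded in Common Log Format, for instance by a proxy in front of the webserver; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (log format is an assumption).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
DRIVE = re.compile(r"^[A-Za-z]:")  # DOS drive specifier such as "A:"

def classify(target):
    """Label a request target matching one of the two reported DoS patterns."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    for _ in range(3):  # undo up to three layers of percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/").lstrip("/")
    if DRIVE.match(path):
        return "drive-letter-path"
    if path.rsplit("/", 1)[-1].lower() == "filelist.html":
        return "filelist-request"
    # A request for a missing file (the /a example) looks like any other
    # request, so the disclosure issues cannot be flagged from the path alone.
    return None

def scan(lines):
    """Return (client, label, target) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        label = classify(m.group(1)) if m else None
        if label:
            hits.append((line.split()[0], label, m.group(1)))
    return hits

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    r'192.0.2.10 - - [10/Mar/2005:10:00:01 +0000] "GET /Filelist.html HTTP/1.0" 200 512',
    r'192.0.2.11 - - [10/Mar/2005:10:00:02 +0000] "GET /A:\a.txt HTTP/1.0" 404 0',
    r'192.0.2.12 - - [10/Mar/2005:10:00:03 +0000] "GET /%41%3a%5Ca.txt HTTP/1.0" 404 0',
    r'192.0.2.13 - - [10/Mar/2005:10:00:04 +0000] "GET /a HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same `classify` function can back a deny rule on a filtering proxy, since the advisory lists no vendor patch.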
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Active Webcam Product Page (PY Software)