CVE-2016-10140

Published: 13/01/2017 Updated: 16/03/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29. It allows a remote unauthenticated attacker to browse all directories in the web root; for example, a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.

Vulnerable Products

zoneminder zoneminder 1.30.0

Vendor Advisories

Debian Bug report logs - #851710 zoneminder: CVE-2016-10140. Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 17 Jan 2017 20:39:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in version zonemin ...

Exploits

Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities ...

Github Repositories

Zoneminder unauthorized access batch detection tool: an information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, allowing a remote unauthenticated attacker to browse all directories under the web root.

Zoneminder unauthorized access (CVE-2016-10140) PoC -- batch verification script. Vulnerability description: ZoneMinder is an open-source video surveillance system; when an abnormal event occurs, you can receive an e-mail or SMS notification. An information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, allowing a remote unauthenticated attacker to browse all directories under the web root. FOFA syntax a