CVE-2000-0144

Description

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

Affected products

• axis / 700_network_document_server1.0 – 1.0
• axis / 700_network_document_server1.10 – 1.10
• axis / 700_network_document_server1.11 – 1.11
• axis / 700_network_document_server1.12 – 1.12
• axis / 700_network_document_server1.13 – 1.13
• axis / 700_network_document_server1.14 – 1.14

References

• MISChttp://www.securityfocus.com/bid/971
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html