CVE-2003-1386

Description

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

Affected products

• axis / 2400_video_server2.0 – 2.0
• axis / 2400_video_server2.20 – 2.20
• axis / 2400_video_server2.31 – 2.31
• axis / 2400_video_server2.32 – 2.32
• axis / 2400_video_server2.33 – 2.33
• axis / 2401_video_server2.20 – 2.20
• axis / 2401_video_server2.31 – 2.31
• axis / 2401_video_server2.32 – 2.32
• axis / 2401_video_server2.33 – 2.33

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11440
• MISChttp://www.websec.org/adv/axis2400.txt.html
• MISChttp://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html
• MISChttp://www.securityfocus.com/bid/6980
• MISChttp://archives.neohapsis.com/archives/bugtraq/2003-02/0377.html