ID CVE-2005-1552
Summary GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
References
Vulnerable Configurations
  • cpe:2.3:h:geovision:digital_surveillance_system:6.0.4
    cpe:2.3:h:geovision:digital_surveillance_system:6.0.4
  • cpe:2.3:h:geovision:digital_surveillance_system:6.1
    cpe:2.3:h:geovision:digital_surveillance_system:6.1
  • cpe:2.3:h:geovision:digital_surveillance_system:7.0
    cpe:2.3:h:geovision:digital_surveillance_system:7.0
CVSS
Base: 5.0 (as of 31-05-2005 - 11:07)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Web Servers
NASL id GEOHTTPSERVER_UNAUTHORIZED_IMAGE_ACCESS.NASL
description The GeoVision Digital Surveillance System installed on the remote host suffers from a vulnerability that enables anyone to bypass authentication and view JPEG images stored on the server by calling them directly.
last seen 2019-01-16
modified 2018-11-15
plugin id 18220
published 2005-05-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=18220
title GeoHttpServer Unauthorized Image Access Vulnerability
refmap via4
bid 13571
bugtraq 20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues
misc http://www.esqo.com/research/advisories/2005/100505-1.txt
osvdb 16340
secunia 15330
xf geovision-authentication(20537)
Last major update 17-10-2016 - 23:20
Published 14-05-2005 - 00:00
Last modified 10-07-2017 - 21:32
Back to Top