Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

ZoneMinder Information Disclosure Vulnerability

Severity

Medium

Family

Web application abuses

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Mitigation

Created

7 years ago

Modified

5 years ago

ZoneMinder is prone to an information disclosure and authentication bypass vulnerability.

Insight

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server.

Detection Method

Tries to get a directory listing on the /events/ folder.

Solution

Disable directory listings in the apache configuration.

Common Vulnerabilities and Exposures (CVE)

CVE-2016-10140

References

https://github.com/ZoneMinder/ZoneMinder/pull/1697

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

ZoneMinder Information Disclosure Vulnerability

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Insight

Insight

Detection Method

Detection Method

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References