CVE-2016-10140

Published: Jan 13, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.

Affected (1)

Products: Zoneminder: Zoneminder

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zoneminder Zoneminder	Version 1.30.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://seclists.org/bugtraq/2017/Feb/6

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2017/Feb/11

Source: cve@mitre.org

http://www.securityfocus.com/bid/96849

Source: cve@mitre.org

https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba

Source: cve@mitre.org

https://github.com/ZoneMinder/ZoneMinder/pull/1697

Source: cve@mitre.org

Issue Tracking

http://seclists.org/bugtraq/2017/Feb/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2017/Feb/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/96849

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ZoneMinder/ZoneMinder/pull/1697

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.