Yawcam Web Server Traversal Arbitrary File Access

medium Nessus Plugin ID 18176

Synopsis

The remote web server itself is prone to directory traversal attacks.

Description

The remote host is running Yawcam ("Yet Another WebCAM"), a webcam application with a built-in web server.

The installed version of Yawcam is vulnerable to a directory traversal flaw. By exploiting this issue, a remote, unauthenticated attacker may be able to read files outside of the web root.

Solution

Upgrade to Yawcam 0.2.6 or later.

See Also

http://marc.info/?l=bugtraq&m=111410564915961&w=2

Plugin Details

Severity: Medium

ID: 18176

File Name: yawcam_dir_traversal.nasl

Version: 1.18

Type: remote

Family: Web Servers

Published: 5/2/2005

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 4/21/2005

Reference Information

CVE: CVE-2005-1230

BID: 13295