Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:718971
HistorySep 10, 2001 - 12:00 a.m.

Beck GmbH IPC@CHIP HTTPD vulernable to arbitrary file disclosure

2001-09-1000:00:00
www.kb.cert.org
13

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

83.2%

JSON

Overview

The Beck IPC@CHIP web server permits intruders to access files outside the web root.

Description

The Beck IPC@CHIP is a single chip embedded webserver. The Web Server’s root directory is set to / by default. Because of this default setting, an attacker can download arbitrary files from any location on the system. One of the files available to an attacker is the chip.ini file. This file contains all of the login names and associated passwords for the device.

Impact

Unless the user changes the default settings on the Beck IPC@CHIP, an intruder can download arbitrary files from any location on the system including the chip.ini file and view all usernames and their associated passwords for the device. An intruder could then gain access to any account on the device.

Solution

Change the default settings on the web server such that / is not the web server’s root directory.

Vendor Information

718971

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

BeckGmbH __ Affected

Notified: May 21, 2001 Updated: September 06, 2001

Status

Affected

Vendor Statement

Please see <http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23718971 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Sentry Research Labs.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2001-0749
Severity Metric: 20.25 Date Public:

Related

cvelist 1
cve 1
nvd 1
cvelist
cvelist
CVE-2001-0749
2004-09-01 04:00:00
cve
cve
CVE-2001-0749
2004-09-01 04:00:00
nvd
nvd
CVE-2001-0749
2001-05-24 04:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

83.2%

JSON
Related for VU:718971
cvelist1cve1nvd1