Search...

CVE-2005-0733

2005-05-02T00:00:00

ID CVE-2005-0733
Type cve
Reporter NVD
Modified 2017-07-10T21:32:23

Description

PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.

JSON Vulners Source

Initial Source

{"id": "CVE-2005-0733", "bulletinFamily": "NVD", "title": "CVE-2005-0733", "description": "PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.", "published": "2005-05-02T00:00:00", "modified": "2017-07-10T21:32:23", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0733", "reporter": "NVD", "references": ["http://secway.org/advisory/ad20050104.txt", "http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0216.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/19654"], "cvelist": ["CVE-2005-0733"], "type": "cve", "lastseen": "2017-07-11T11:14:49", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:py_software:active_webcam:5.5"], "cvelist": ["CVE-2005-0733"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.", "edition": 1, "enchantments": {}, "hash": "a0f61122f1cf046dbae6f69e1e239a7048276929c07a09dff04a9ac44be1d13c", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "076027603cee0b9dfb64572a855bb80d", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "44f3f972f1219e5a5130d74f050ce136", "key": "published"}, {"hash": "7c218b93698ed77d1367a1d6cb3edd41", "key": "cvelist"}, {"hash": "ac91730155a9c61db9ffd63ddc3eedce", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "c17891f166aeeb3aba5eca6470982abc", "key": "description"}, {"hash": "1187cd1504cf91fa7c1e0ba096bac13b", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "9bdeb0f2c65f6d758ccf6c5595894f1a", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "701c6220e054a82f964185e0b9971683", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0733", "id": "CVE-2005-0733", "lastseen": "2016-09-03T05:12:30", "modified": "2008-09-05T16:47:09", "objectVersion": "1.2", "published": "2005-05-02T00:00:00", "references": ["http://secway.org/advisory/ad20050104.txt", "http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0216.html", "http://xforce.iss.net/xforce/xfdb/19654"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0733", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:12:30"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ac91730155a9c61db9ffd63ddc3eedce"}, {"key": "cvelist", "hash": "7c218b93698ed77d1367a1d6cb3edd41"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "c17891f166aeeb3aba5eca6470982abc"}, {"key": "href", "hash": "9bdeb0f2c65f6d758ccf6c5595894f1a"}, {"key": "modified", "hash": "a0ece0b5c271022cd69eeb6ff35f9614"}, {"key": "published", "hash": "44f3f972f1219e5a5130d74f050ce136"}, {"key": "references", "hash": "99b8cc7ed48769854895f379b8c09b12"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "1187cd1504cf91fa7c1e0ba096bac13b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ad8c85d72933705c924ddb82370da509242a82112878e8f3d7ba05a3d805b758", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:py_software:active_webcam:5.5"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"osvdb": [{"id": "OSVDB:14641", "type": "osvdb", "title": "Active WebCam Error Message File Existence Enumeration", "description": "## Vulnerability Description\nActive WebCam contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when issuing a specially crafted URL, which causes the application to return an error message whether the file exists on the system or not resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nActive WebCam contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when issuing a specially crafted URL, which causes the application to return an error message whether the file exists on the system or not resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[victim]:8080/c:\\nonexsit.txt\n\nhttp://[victim]:8080/c:\\boot.ini\n## References:\nVendor URL: http://www.pysoft.com\n[Secunia Advisory ID:14553](https://secuniaresearch.flexerasoftware.com/advisories/14553/)\n[Related OSVDB ID: 14638](https://vulners.com/osvdb/OSVDB:14638)\n[Related OSVDB ID: 14640](https://vulners.com/osvdb/OSVDB:14640)\n[Related OSVDB ID: 14639](https://vulners.com/osvdb/OSVDB:14639)\n[Related OSVDB ID: 14642](https://vulners.com/osvdb/OSVDB:14642)\nOther Advisory URL: http://secway.org/advisory/ad20050104.txt\nMail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032334.html\nISS X-Force ID: 19654\n[CVE-2005-0733](https://vulners.com/cve/CVE-2005-0733)\nBugtraq ID: 12778\n", "published": "2005-03-10T10:18:26", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:14641", "cvelist": ["CVE-2005-0733"], "lastseen": "2017-04-28T13:20:10"}], "nessus": [{"id": "ACTIVEWEBCAM_MULTIPLE_VULNS.NASL", "type": "nessus", "title": "Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)", "description": "The version of PY Software's Active WebCam web server running on the remote host is affected by multiple vulnerabilities:\n\n o Denial of Service Vulnerabilities.\n A request for a file on floppy drive may result in a dialog prompt, causing the service to cease until it is acknowledged by an administrator. In addition, requesting the file 'Filelist.html' reportedly causes CPU usage on the remote host to increase, ultimately leading to denial of service.\n\n o Information Disclosure Vulnerabilities.\n A request for a nonexistent file will return an error message with the installation path for the software. Further, error messages differ depending on whether a file exists or is inaccessible. An attacker may exploit these issues to gain information about the filesystem on the remote host.\n\nNote that while versions 4.3 and 5.5 are known to be affected, earlier versions are likely to be as well.", "published": "2005-03-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17320", "cvelist": ["CVE-2005-0733", "CVE-2005-0730", "CVE-2005-0731", "CVE-2005-0734", "CVE-2005-0732"], "lastseen": "2018-06-14T07:11:46"}]}}