ID CVE-2005-0733 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:32:00
Description
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.
{"osvdb": [{"lastseen": "2017-04-28T13:20:10", "bulletinFamily": "software", "description": "## Vulnerability Description\nActive WebCam contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when issuing a specially crafted URL, which causes the application to return an error message whether the file exists on the system or not resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nActive WebCam contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when issuing a specially crafted URL, which causes the application to return an error message whether the file exists on the system or not resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[victim]:8080/c:\\nonexsit.txt\n\nhttp://[victim]:8080/c:\\boot.ini\n## References:\nVendor URL: http://www.pysoft.com\n[Secunia Advisory ID:14553](https://secuniaresearch.flexerasoftware.com/advisories/14553/)\n[Related OSVDB ID: 14638](https://vulners.com/osvdb/OSVDB:14638)\n[Related OSVDB ID: 14640](https://vulners.com/osvdb/OSVDB:14640)\n[Related OSVDB ID: 14639](https://vulners.com/osvdb/OSVDB:14639)\n[Related OSVDB ID: 14642](https://vulners.com/osvdb/OSVDB:14642)\nOther Advisory URL: http://secway.org/advisory/ad20050104.txt\nMail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032334.html\nISS X-Force ID: 19654\n[CVE-2005-0733](https://vulners.com/cve/CVE-2005-0733)\nBugtraq ID: 12778\n", "modified": "2005-03-10T10:18:26", "published": "2005-03-10T10:18:26", "href": "https://vulners.com/osvdb/OSVDB:14641", "id": "OSVDB:14641", "type": "osvdb", "title": "Active WebCam Error Message File Existence Enumeration", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:26", "bulletinFamily": "scanner", "description": "The version of PY Software's Active WebCam web server running on the remote host is affected by multiple vulnerabilities:\n\n o Denial of Service Vulnerabilities.\n A request for a file on floppy drive may result in a dialog prompt, causing the service to cease until it is acknowledged by an administrator. In addition, requesting the file 'Filelist.html' reportedly causes CPU usage on the remote host to increase, ultimately leading to denial of service.\n\n o Information Disclosure Vulnerabilities.\n A request for a nonexistent file will return an error message with the installation path for the software. Further, error messages differ depending on whether a file exists or is inaccessible. An attacker may exploit these issues to gain information about the filesystem on the remote host.\n\nNote that while versions 4.3 and 5.5 are known to be affected, earlier versions are likely to be as well.", "modified": "2018-11-15T00:00:00", "id": "ACTIVEWEBCAM_MULTIPLE_VULNS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17320", "published": "2005-03-12T00:00:00", "title": "Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17320);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/11/15 20:50:16\");\n\n script_cve_id(\"CVE-2005-0730\", \"CVE-2005-0731\", \"CVE-2005-0732\", \"CVE-2005-0733\", \"CVE-2005-0734\");\n script_bugtraq_id(12778);\n\n script_name(english:\"Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)\");\n script_summary(english:\"Checks for multiple remote vulnerabilities in Active WebCam webserver 5.5 and older\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PY Software's Active WebCam web server running on the\nremote host is affected by multiple vulnerabilities:\n\n o Denial of Service Vulnerabilities.\n A request for a file on floppy drive may result in a dialog\n prompt, causing the service to cease until it is acknowledged by\n an administrator. In addition, requesting the file 'Filelist.html'\n reportedly causes CPU usage on the remote host to increase,\n ultimately leading to denial of service.\n\n o Information Disclosure Vulnerabilities.\n A request for a nonexistent file will return an error message\n with the installation path for the software. Further, error\n messages differ depending on whether a file exists or is\n inaccessible. An attacker may exploit these issues to gain\n information about the filesystem on the remote host.\n\nNote that while versions 4.3 and 5.5 are known to be affected, earlier\nversions are likely to be as well.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df2bc6eb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2005/Mar/294\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_MIXED_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Grab the main page and make sure it's for Active WebCam.\nres = http_get_cache(item:\"/\", port:port, exit_on_fail: 1);\nif ('name=\"GENERATOR\" content=\"Active WebCam' >!< res)\n exit(0, \"The web server on port \"+port+\" is not Active WebCam.\");\n\nif (safe_checks()) {\n if (egrep(string:res, pattern:'name=\"GENERATOR\" content=\"Active WebCam ([0-4][^0-9]|5\\\\.[0-5] )'))\n security_warning(port);\n}\nelse {\n # Let's request a nonexistent page and see if we can find the install path.\n # Use the number of microseconds in the time for the page.\n now = split(gettimeofday(), sep:\".\", keep:0);\n page = now[1];\n\n r = http_send_recv3(method:\"GET\", item:\"/\" + page, port:port);\n res = strcat(r[0], r[1], '\\r\\n', r[2]);\n\n pat = \"The requested file: <B>([^<]+)</B> was not found.\";\n matches = egrep(string:res, pattern:pat, icase:TRUE);\n foreach match (split(matches)) {\n match = chomp(match);\n path = eregmatch(pattern:pat, string:match);\n if (!isnull(path)) {\n path = path[1];\n if (ereg(string:path, pattern:\"^[A-Za-z]:\\\\\")) security_warning(port);\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
