Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Yawcam 0.6.0 Directory Traversal Vulnerability

🗓️ 10 Jan 2018 00:00:00Reported by David PanterType 
zdt
 zdt🔗 0day.today👁 74 Views

Directory traversal vulnerability in Yawcam webcam server. Yawcam 0.2.6 to 0.6.0 can be exploited to read arbitrary files via HTTP GET requests

Related
Code
ReporterTitlePublishedViews
Family
CNVD		Yawcam HTTP Server Directory Traversal Vulnerability
12 Jan 201800:00
cnvd
CVE		CVE-2017-17662
10 Jan 201818:00
cve
Cvelist		CVE-2017-17662
10 Jan 201818:00
cvelist
EUVD		EUVD-2017-8820
7 Oct 202500:30
euvd
NVD		CVE-2017-17662
10 Jan 201818:29
nvd
OpenVAS		Yawcam 0.2.6 - 0.6.0 Directory Traversal Vulnerability
15 Jan 201800:00
openvas
Packet Storm		Yawcam 0.6.0 Directory Traversal
9 Jan 201800:00
packetstorm
Prion		Directory traversal
10 Jan 201818:29
prion
Directory traversal vulnerability in Yawcam webcam server
=========================================================

Overview
--------
Affected Versions: Yawcam 0.2.6 through 0.6.0
Patched Versions: Yawcam 0.6.1
Vendor: Yawcam
Vendor URL: http://www.yawcam.com
CVE: CVE-2017-17662
Credit: David Panter, Global Relay CSOC
Status: Public
Public disclosure URL: http://www.yawcam.com/news.php

Summary
-------
By sending a specially crafted HTTP GET request a remote attacker can read arbitrary files on the target computer under the privileges of the Yawcam software or service.

Product Description
-------------------
Yawcam is a free webcam software with an integrated HTTP server and wide variety of features.

Severity Rating: High

Vulnerability description
-------------------------
The Yamcam HTTP server contains a directory traversal vulnerability that allows attacker to read arbitrary files through a sequence in the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ for example '.\./', '....\/' or '...\./'.

For files with no extension a single dot needs to be appended to ensure the HTTP server does not alter the request.

POC
---
By sending the following string to the Yawcam HTTP server we can read the hosts file from the target machine
"GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts."

Timeline
--------
2017-12-12  Vulnerability discovered
2017-12-13  Vendor contacted
2017-12-13  CVE ID assigned
2017-12-15  Vendor reply
2017-12-18  Fixed version released
2017-12-18  Vendor disclosed vulnerability

#  0day.today [2018-04-08]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Jan 2018 00:00Current
EPSS0.03553
yawcamdirectory traversalvulnerabilityhttp serverremote attackerarbitrary filesprivilegespatchedcve-2017-17662severity highfree webcam softwareintegratedpoctimelinediscovery date.
74