Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0334

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0334
Last Modified 10 Sep 2008 03:25:52
Published 23 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0334

Summary

InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error.

Vulnerable Systems


References

XF - InnoMedia-videophone-bypass-authentication(15636)

OSVDB - 4809

SECTRACK - 1009522

BUGTRAQ - 20040227 InnoMedia VideoPhone Authorization Bypass


Last Updated: 27 May 2016 10:38:34