Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2426


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2426
Last Modified 05 Sep 2008 04:44:06
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

Vulnerable Systems


BID - 11011

SECTRACK - 1011056

SECUNIA - 12353

FULLDISC - 20040831 Axis Network Camera and Video Server Security Advisory

XF - axis-directory-traversal(17079)

OSVDB - 9122

FULLDISC - 20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers

Last Updated: 27 May 2016 10:39:28