CVE-2016-10140 — Sensitive Information Exposure in Zoneminder

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

7.5HIGHNVD

EPSS

34.2%

top 3.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoneminder Debian Zoneminder

Timeline

PublishedJan 13

Latest updateMay 17

Description

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/zoneminder< zoneminder 1.30.4+dfsg-1 (bookworm)

▶Debianzoneminder/zoneminder< 1.30.4+dfsg-1+3

▶NVDzoneminder/zoneminder1.30.0

🔴Vulnerability Details

GHSA

GHSA-qgrq-7wwj-vr5c: Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1↗2022-05-17

▶

OSV

CVE-2016-10140: Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1↗2017-01-13

▶

📋Vendor Advisories

Debian

CVE-2016-10140: zoneminder - Information disclosure and authentication bypass vulnerability exists in the Apa...↗2016

▶

💬Community

Bugzilla

CVE-2016-10140 zoneminder: Information disclosure and authentication bypass [fedora-all]↗2017-01-17

▶

Bugzilla

CVE-2016-10140 zoneminder: Information disclosure and authentication bypass↗2017-01-17

▶