Description
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Martin Eiszner · textremotemultiple
https://www.exploit-db.com/exploits/22296
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11440
Various Sources x_refsource_misc
http://www.websec.org/adv/axis2400.txt.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6980
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0377.html
Scores
EPSS
0.0425
EPSS Percentile
88.8%
Details
CWE
CWE-264
Status
published
Products (9)
axis/2400_video_server
2.0
axis/2400_video_server
2.20
axis/2400_video_server
2.31
axis/2400_video_server
2.32
axis/2400_video_server
2.33
axis/2401_video_server
2.20
axis/2401_video_server
2.31
axis/2401_video_server
2.32
axis/2401_video_server
2.33
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026