CVE-2016-10140
HIGHApache HTTP Server/ZoneMinder <1.30-1.29 - Info Disclosure
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2016-10140. PoCs published by asaotomo.
AI-analyzed exploit summary This repository contains a functional Python script that exploits CVE-2016-10140, an authentication bypass and information disclosure vulnerability in ZoneMinder v1.30 and v1.29. The exploit sends a crafted HTTP request to read arbitrary files (e.g., /etc/passwd) via path traversal.
Description
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.
Exploits (1)
This repository contains a functional Python script that exploits CVE-2016-10140, an authentication bypass and information disclosure vulnerability in ZoneMinder v1.30 and v1.29. The exploit sends a crafted HTTP request to read arbitrary files (e.g., /etc/passwd) via path traversal.
References (5)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N