VID 22334
Severity 30
Port 8080
Protocol TCP
Class WWW
Detailed Description Active WebCam version 5.5 or earlier was detected running on the host. PY Software's Active WebCam is a shareware program for Microsoft Windows that captures video streams from video devices. The Active WebCam web server in versions 5.5 and earlier has multiple vulnerabilities. The following individual issues are reported:

1) A denial of service is reported to manifest when a request is received for a file that exists on a floppy drive.
2) A denial of service is reported to exist when the 'Filelist.html' file is requested.
3) An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software.
4) An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not.

* Note: This check relies solely on the version number of the remote web server to assess this vulnerability, so the result might be a false positive.

* References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0216.html
http://secway.org/advisory/ad20050104.txt

* Platforms Affected:
PY Software, Active WebCam 4.3
PY Software, Active WebCam 5.5
Microsoft Windows Any version
Recommendation Upgrade to a version of Active WebCam later than 5.5, available from the Active WebCam web site at http://www.pysoft.com/ActiveWebCamMainpage.htm
Related URL CVE-2005-0730, CVE-2005-0731, CVE-2005-0732, CVE-2005-0733, CVE-2005-0734 (CVE)
Related URL 12778 (SecurityFocus)
Related URL 19647, 19650, 19652, 19653, 19654 (ISS)