Apache HTTP Server Configuration Information Disclosure and Authentication Bypass Vulnerability in ZoneMinder v1.30 and v1.29
CVE-2016-10140 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.
Learn more about our Cis Benchmark Audit For Apache Http Server.