Apache HTTP Server Configuration Information Disclosure and Authentication Bypass Vulnerability in ZoneMinder v1.30 and v1.29

Apache HTTP Server Configuration Information Disclosure and Authentication Bypass Vulnerability in ZoneMinder v1.30 and v1.29

CVE-2016-10140 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI.

Learn more about our Cis Benchmark Audit For Apache Http Server.