漏洞标题
N/A
漏洞描述信息
AXIS Camera Station Pro 漏洞赏金计划成员Seth Fogie发现,经过身份验证的恶意客户端有可能通过篡改AXIS Camera Station的审计日志创建,或通过恶意构造的审计日志条目对AXIS Camera Station服务器执行拒绝服务攻击。
Axis已为此漏洞发布了修复版本。详情和解决方案请参阅Axis安全公告。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
漏洞类别
输入验证不恰当
漏洞标题
N/A
漏洞描述信息
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
CVSS信息
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
漏洞类别
日志输出的转义处理不恰当
漏洞标题
AXIS Camera Station Pro 安全漏洞
漏洞描述信息
AXIS Camera Station Pro是瑞典安讯士(AXIS)公司的一个强大且灵活的视频管理和访问控制。 AXIS Camera Station Pro 6.5之前版本存在安全漏洞,该漏洞源于经过认证的恶意客户端可以篡改审计日志创建,或通过恶意构建的审计日志条目对服务器执行拒绝服务攻击。
CVSS信息
N/A
漏洞类别
其他