Keene Digital Media Server < 1.0.4 Directory Traversal and Authentication Bypass

Medium: Nessus Network Monitor Plugin ID 2165

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Keene Digital Media Server, a web application for Microsoft Windows designed to share media files on the Internet. The version installed on the remote host has been reported to be prone to several vulnerabilities, including a directory traversal issue and an authentication bypass issue. An attacker may gain read access to files outside the web root or access the administrative module without authentication.

Solution

Upgrade to version 1.0.4 or higher.

Plugin Details

Severity: Medium

ID: 2165

Family: Web Servers

Published: 8/27/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:keene:digital_media_server

Reference Information

CVE: CVE-2004-2419

BID: 10933