Impact
A remote, unauthenticated attacker can browse directories in the web root of a ZoneMinder installation [S1]. This exposure allows for the disclosure of sensitive system information and can lead to a complete authentication bypass, granting unauthorized access to the application's management interface [S1].
Root cause
The vulnerability is caused by a flawed Apache HTTP Server configuration bundled with ZoneMinder versions 1.29 and 1.30 [S1]. The configuration fails to restrict directory indexing, which results in the web server serving directory listings to unauthenticated users [S1].
Remediation
To address this issue, administrators should update ZoneMinder to a version that includes a corrected web server configuration [S1]. If an immediate upgrade is not possible, the Apache configuration files associated with the ZoneMinder installation should be manually hardened to disable directory indexing and enforce strict access controls on the web root [S1].
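An added example, not part of the original advisory or of ZoneMinder's own files: a small Python check that reads Apache `<Directory>` blocks and reports whether directory indexing is enabled, disabled or inherited in each. The sample configurations and the `/path/to/zoneminder/www` paths are constructed placeholders, and the parser assumes one directive per line.

```python
import re

# Constructed samples; the paths are placeholders, not ZoneMinder's real layout.
WEAK_CONF = """
<Directory "/path/to/zoneminder/www">
    Options Indexes FollowSymLinks
    Require all granted
</Directory>
"""
HARDENED_CONF = """
<Directory "/path/to/zoneminder/www">
    Options -Indexes +FollowSymLinks
    Require all granted
</Directory>
<Directory "/path/to/zoneminder/www/subdir">
    # No Options line: the listing behaviour comes from the enclosing scope.
    Require all denied
</Directory>
"""
OPEN_RE = re.compile(r'^<Directory\s+"?([^">]+)"?\s*>$', re.I)

def indexes_state(option_tokens):
    """Classify one Options directive: 'enabled', 'disabled', or None if silent."""
    toks = [t.lower() for t in option_tokens]
    if any(t in ("indexes", "+indexes", "all", "+all") for t in toks):
        return "enabled"
    if "-indexes" in toks or "none" in toks:
        return "disabled"
    # Absolute form (no +/- prefixes) replaces inherited options, dropping Indexes.
    if toks and not any(t[0] in "+-" for t in toks):
        return "disabled"
    return None

def audit_indexes(conf_text):
    """Map each <Directory> path to 'enabled', 'disabled' or 'inherited'."""
    result, current = {}, None
    for raw in conf_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        m = OPEN_RE.match(raw.strip())
        if m:
            current = m.group(1)
            result[current] = "inherited"
        elif fields[0].lower().startswith("</directory"):
            current = None
        elif current and fields[0].lower() == "options":
            result[current] = indexes_state(fields[1:]) or result[current]
    return result
```

Blocks reported as `inherited` need their parent scope reviewed, since they list directories whenever the enclosing configuration does.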
Detection research
Research into this vulnerability indicates that detection involves identifying ZoneMinder instances and attempting to access the web root or known subdirectories without authentication [S1]. A vulnerable state is typically indicated by the presence of standard directory listing patterns, such as the "Index of /" string, in the HTTP response body when no valid session is present [S1].
