Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2016-6601

Published: 23/01/2017 Updated: 09/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

Vulnerable Product Search on Vulmon Subscribe to Product

zohocorp webnms framework 5.2

Exploits

Exploit DB: WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities
>> Multiple vulnerabilities in WebNMS Framework Server 52 and 52 SP1 >> Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security ========================================================================== Disclosure: 04/07/2016 / Last updated: 08/08/2016 >> Background on the affected product: "WebNMS is an indu ...
Exploit DB: WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation
WebNMS Framework versions 52 and 52 SP1 suffer from directory traversal, code execution, weak obfuscation, and user impersonation vulnerabilities ...

References

CWE-22https://www.exploit-db.com/exploits/40229/https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txthttps://blogs.securiteam.com/index.php/archives/2712http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_downloadhttp://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosurehttp://seclists.org/fulldisclosure/2016/Aug/54http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.htmlhttp://www.securityfocus.com/bid/92402https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-themhttp://www.securityfocus.com/archive/1/539159/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/40229/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073CVE-2024-5496CVE-2024-5495XPath injectionbypassCVE-2024-30043CVE-2024-24919denial of serviceCVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook