CVE-2016-6600 - OpenCVE

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zohocorp	Webnms Framework

Configuration 1 [-]

OR	cpe:2.3:a:zohocorp:webnms_framework:5.2:::::::*
	cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1::::::

References

Link	Resource
http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html	Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2016/Aug/54	Exploit Mailing List
http://www.securityfocus.com/archive/1/539159/100/0/threaded
http://www.securityfocus.com/bid/92402	Third Party Advisory VDB Entry
https://blogs.securiteam.com/index.php/archives/2712	Exploit Technical Description Third Party Advisory
https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt	Exploit
https://www.exploit-db.com/exploits/40229/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-23T21:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2016-08-04T00:00:00

Link: CVE-2016-6600

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-23T21:59:02.173

Modified: 2018-10-09T20:00:45.727

Link: CVE-2016-6600

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Aug/54"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them"}, {"name": "92402", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92402"}, {"name": "40229", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40229/"}, {"name": "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html"}, {"tags": ["x_refsource_MISC"], "url": "https://blogs.securiteam.com/index.php/archives/2712"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6600", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Aug/54"}, {"name": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them", "refsource": "CONFIRM", "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them"}, {"name": "92402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92402"}, {"name": "40229", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40229/"}, {"name": "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded"}, {"name": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html"}, {"name": "https://blogs.securiteam.com/index.php/archives/2712", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/2712"}, {"name": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt", "refsource": "MISC", "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6600", "datePublished": "2017-01-23T21:00:00", "dateReserved": "2016-08-04T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B943C917-C61B-4F29-AC4D-83D9D505BEA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "046C8EB2-592F-4D1D-9C53-1C628D6FA903", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio la funcionalidad de carga de archivos en ZOHO WebNMS Framework 5.2 y 5.2 SP1 permite a atacantes remotos cargar y ejecutar archivos JSP arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro fileName para servlets/FileUploadServlet."}], "id": "CVE-2016-6600", "lastModified": "2018-10-09T20:00:45.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-23T21:59:02.173", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "http://seclists.org/fulldisclosure/2016/Aug/54"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92402"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://blogs.securiteam.com/index.php/archives/2712"}, {"source": "cve@mitre.org", "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.exploit-db.com/exploits/40229/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}