CVE-2016-6601 - OpenCVE

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Zohocorp	Webnms Framework

Configuration 1 [-]

OR	cpe:2.3:a:zohocorp:webnms_framework:5.2:::::::*
	cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1::::::

References

Link	Resource
http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html	Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2016/Aug/54	Exploit Mailing List
http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure	Third Party Advisory
http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download	Third Party Advisory
http://www.securityfocus.com/archive/1/539159/100/0/threaded
http://www.securityfocus.com/bid/92402	Third Party Advisory VDB Entry
https://blogs.securiteam.com/index.php/archives/2712	Exploit Technical Description Third Party Advisory
https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt	Exploit
https://www.exploit-db.com/exploits/40229/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-23T21:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2016-08-04T00:00:00

Link: CVE-2016-6601

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-23T21:59:02.220

Modified: 2018-10-09T20:00:46.383

Link: CVE-2016-6601

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Aug/54"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them"}, {"name": "92402", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92402"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download"}, {"name": "40229", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40229/"}, {"name": "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html"}, {"tags": ["x_refsource_MISC"], "url": "https://blogs.securiteam.com/index.php/archives/2712"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6601", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Aug/54"}, {"name": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them", "refsource": "CONFIRM", "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them"}, {"name": "92402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92402"}, {"name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download"}, {"name": "40229", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40229/"}, {"name": "20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded"}, {"name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure"}, {"name": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html"}, {"name": "https://blogs.securiteam.com/index.php/archives/2712", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/2712"}, {"name": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt", "refsource": "MISC", "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6601", "datePublished": "2017-01-23T21:00:00", "dateReserved": "2016-08-04T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B943C917-C61B-4F29-AC4D-83D9D505BEA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "046C8EB2-592F-4D1D-9C53-1C628D6FA903", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la funcionalidad de descarga de archivos en ZOHO WebNMS Framework 5.2 y 5.2 SP1 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro fileName para servlets/FetchFile."}], "id": "CVE-2016-6601", "lastModified": "2018-10-09T20:00:46.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-23T21:59:02.220", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "http://seclists.org/fulldisclosure/2016/Aug/54"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539159/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92402"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://blogs.securiteam.com/index.php/archives/2712"}, {"source": "cve@mitre.org", "url": "https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.exploit-db.com/exploits/40229/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}