CVE-2016-6601
🟡 Monitoruj
Luka w przejściu katalogów w ZOHO WebNMS umożliwia zdalne odczytanie dowolnych plików.
CVSS
7.5
EPSS
92.8%
Exploit
poc
Vendor
zohocorp
Opis źródłowy (NVD)
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
exploit path-traversal
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 92.8% |
| Opublikowano (NVD) | 2017-01-23 21:59:02 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-13 00:24:29 UTC |
Referencje
- http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html (cve@mitre.org) [Exploit, Third Party Advisory]
- http://seclists.org/fulldisclosure/2016/Aug/54 (cve@mitre.org) [Exploit, Mailing List]
- http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure (cve@mitre.org) [Third Party Advisory]
- http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download (cve@mitre.org) [Third Party Advisory]
- http://www.securityfocus.com/archive/1/539159/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/92402 (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://blogs.securiteam.com/index.php/archives/2712 (cve@mitre.org) [Exploit, Technical Description, Third Party Advisory]
- https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them (cve@mitre.org)
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt (cve@mitre.org) [Exploit]
- https://www.exploit-db.com/exploits/40229/ (cve@mitre.org) [Exploit, Third Party Advisory]