Web application abuses : WebNMS 5.2 / 5.2 SP1 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106242

Categoría: Web application abuses

Título: WebNMS 5.2 / 5.2 SP1 Multiple Vulnerabilities

Resumen: WebNMS Framework 5.2 / 5.2 SP1 is prone to multiple vulnerabilities.

Descripción: Summary:
WebNMS Framework 5.2 / 5.2 SP1 is prone to multiple vulnerabilities.

Vulnerability Insight:
WebNMS Framework allows unauthenticated remote attackers to:

- upload a JSP file by using a directory traversal attack on the FileUploadServlet servlet and gain remote code execution
under the user which the WebNMS server is running.

- allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml.

- read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

- bypass authentication and impersonate arbitrary users via the UserName HTTP header.

Vulnerability Impact:
An unauthenticated remote attacker may execute arbitrary code under the
user which the WebNMS server is running and to gain access to sensitive data on the host.

Affected Software/OS:
WebNMS Framework Server 5.2 and 5.2 SP1

Solution:
See the referenced for a mitigation procedure.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-6600
BugTraq ID: 92402
http://www.securityfocus.com/bid/92402
Bugtraq: 20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 (Google Search)
http://www.securityfocus.com/archive/1/539159/100/0/threaded
https://www.exploit-db.com/exploits/40229/
http://seclists.org/fulldisclosure/2016/Aug/54
http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html
https://blogs.securiteam.com/index.php/archives/2712
https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
Common Vulnerability Exposure (CVE) ID: CVE-2016-6601
http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure
http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download
Common Vulnerability Exposure (CVE) ID: CVE-2016-6602
Common Vulnerability Exposure (CVE) ID: CVE-2016-6603

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106242
Categoría:	Web application abuses
Título:	WebNMS 5.2 / 5.2 SP1 Multiple Vulnerabilities
Resumen:	WebNMS Framework 5.2 / 5.2 SP1 is prone to multiple vulnerabilities.
Descripción:	Summary: WebNMS Framework 5.2 / 5.2 SP1 is prone to multiple vulnerabilities. Vulnerability Insight: WebNMS Framework allows unauthenticated remote attackers to: - upload a JSP file by using a directory traversal attack on the FileUploadServlet servlet and gain remote code execution under the user which the WebNMS server is running. - allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. - read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. - bypass authentication and impersonate arbitrary users via the UserName HTTP header. Vulnerability Impact: An unauthenticated remote attacker may execute arbitrary code under the user which the WebNMS server is running and to gain access to sensitive data on the host. Affected Software/OS: WebNMS Framework Server 5.2 and 5.2 SP1 Solution: See the referenced for a mitigation procedure. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6600 BugTraq ID: 92402 http://www.securityfocus.com/bid/92402 Bugtraq: 20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 (Google Search) http://www.securityfocus.com/archive/1/539159/100/0/threaded https://www.exploit-db.com/exploits/40229/ http://seclists.org/fulldisclosure/2016/Aug/54 http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html https://blogs.securiteam.com/index.php/archives/2712 https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt Common Vulnerability Exposure (CVE) ID: CVE-2016-6601 http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download Common Vulnerability Exposure (CVE) ID: CVE-2016-6602 Common Vulnerability Exposure (CVE) ID: CVE-2016-6603
Copyright	Copyright (C) 2016 Greenbone AG