Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveVulDBCVE-2016-15023
HistoryJan 31, 2023 - 8:15 p.m.

CVE-2016-15023

2023-01-3120:15:09
CWE-22
VulDB
web.nvd.nist.gov
46
cve-2016-15023
sitefusion
application server
path traversal
vulnerability
upgrade
vdb-219765
nvd

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.

Affected configurations

Nvd
Vulners
Node
sitefusionapplication_serverRange<6.6.7
VendorProductVersionCPE
sitefusionapplication_server*cpe:2.3:a:sitefusion:application_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "SiteFusion",
    "product": "Application Server",
    "versions": [
      {
        "version": "6.6.0",
        "status": "affected"
      },
      {
        "version": "6.6.1",
        "status": "affected"
      },
      {
        "version": "6.6.2",
        "status": "affected"
      },
      {
        "version": "6.6.3",
        "status": "affected"
      },
      {
        "version": "6.6.4",
        "status": "affected"
      },
      {
        "version": "6.6.5",
        "status": "affected"
      },
      {
        "version": "6.6.6",
        "status": "affected"
      }
    ],
    "modules": [
      "Extension Handler"
    ]
  }
]

Related

nvd 1
cvelist 1
osv 1
prion 1
nvd
nvd
CVE-2016-15023
2023-01-31 20:15:09
cvelist
cvelist
CVE-2016-15023 SiteFusion Application Server Extension getextension.php path traversal
2023-01-31 19:58:03
osv
osv
CVE-2016-15023
2023-01-31 20:15:09
prion
prion
Path traversal
2023-01-31 20:15:00

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON
Related for CVE-2016-15023
nvd1cvelist1osv1prion1