Lucene search
HarnnlessSSV:92358HistoryAug 30, 2016 - 12:00 a.m.
WebNMS Framework 5.2SP1 File Upload
2016-08-3000:00:00
Harnnless
www.seebug.org
12
0.975 High
EPSS
Percentile
100.0%
WebNMS 是一个业界领先的用于构建网络管理应用的架构。上传功能存在目录遍历及远程代码执行漏洞。
漏洞细节
FileUploadServlet允许未登录上传JSP文件。提交如下 POST 请求:
POST /servlets/FileUploadServlet?fileName=…/jsp/Login.jsp HTTP/1.1
<JSP payload here>
下载官方Windows试用版软件测试通过:
http://www.webnms.com/webnms/14107380/WebNMS_Framework_5_STD_Windows.exe
其它信息
- 漏洞发现者:Pedro Ribeiro <pedrib[at]gmail.com>
- CVE编号:CVE-2016-6600
- 影响版本:<= 5.2SP1
- 漏洞公开日期:2016年7月4日
Related
prion
prion
Directory traversal
2017-01-23 21:59:00
checkpoint_advisories
checkpoint_advisories
WebNMS Framework Server Arbitrary File Upload (CVE-2016-6600)
2016-08-25 00:00:00
cvelist
cvelist
CVE-2016-6600
2017-01-23 21:00:00
nvd
nvd
CVE-2016-6600
2017-01-23 21:59:02
cve
cve
CVE-2016-6600
2017-01-23 21:59:02
packetstorm
packetstorm
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation
2016-08-08 00:00:00
zdt
zdt
WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities
2016-08-10 00:00:00
openvas
openvas
WebNMS 5.2 / 5.2 SP1 Multiple Vulnerabilities
2016-09-13 00:00:00
exploitpack
exploitpack
WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities
2016-08-10 00:00:00
exploitdb
exploitdb
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities
2016-08-10 00:00:00