Lucene search
www.seebug.orgSSV:92361HistoryAug 30, 2016 - 12:00 a.m.
WebNMS Framework 5.2SP1 Login Bypass
2016-08-3000:00:00
www.seebug.org
33
0.952 High
EPSS
Percentile
99.3%
Summary
WebNMS is an industry-leading used to build network management applications architecture. By submitting a custom headers parameter can directly obtain the session Cookie, skip login authentication.
Vulnerability details
Submit the following Get request HTTP header, add a UserName specify a user name, returns the JSESSIONID Cookie can be directly used for session authentication.
GET /servlets/GetChallengeServlet HTTP/1.1 UserName: root
Download the official Windows trial version software testing by: http://www.webnms.com/webnms/14107380/WebNMS_Framework_5_STD_Windows.exe
Other information
- Vulnerability discovered by: Pedro Ribeiro
- CVE number: CVE-2016-6603
- Affect version:<= 5. 2SP1
Related
cvelist
cvelist
CVE-2016-6603
2017-01-23 21:00:00
nvd
nvd
CVE-2016-6603
2017-01-23 21:59:02
cve
cve
CVE-2016-6603
2017-01-23 21:59:02
prion
prion
Authentication flaw
2017-01-23 21:59:00
packetstorm
packetstorm
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation
2016-08-08 00:00:00
zdt
zdt
WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities
2016-08-10 00:00:00
exploitpack
exploitpack
WebNMS Framework Server 5.25.2 SP1 - Multiple Vulnerabilities
2016-08-10 00:00:00
openvas
openvas
WebNMS 5.2 / 5.2 SP1 Multiple Vulnerabilities
2016-09-13 00:00:00
exploitdb
exploitdb
WebNMS Framework Server 5.2/5.2 SP1 - Multiple Vulnerabilities
2016-08-10 00:00:00