Description
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-6603
- https://blogs.securiteam.com/index.php/archives/2712
- https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
- https://www.exploit-db.com/exploits/40229
- http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html
- http://seclists.org/fulldisclosure/2016/Aug/54
- http://www.securityfocus.com/archive/1/539159/100/0/threaded
- http://www.securityfocus.com/bid/92402
Related vulnerabilities
CVSS3: 9.8
nvd
about 9 years ago
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.