HTTP: WebNMS Framework Server FileUploadServlet Arbitrary File Upload
This signature detects attempts to exploit a known flaw in WebNMS Framework Server. A successful attack can result in directory traversal attacks.
Extended Description
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
Affected Products
Zohocorp webnms_framework
References
CVE: CVE-2016-6600
Short Name
HTTP:DIR:WEBNMS-FRAME-SERVER
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Arbitrary CVE-2016-6600 File FileUploadServlet Framework Server Upload WebNMS
Release Date
03/27/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3690
False Positive
Unknown
Vendors
Zohocorp