What is the severity of CVE-2016-6600?

CVE-2016-6600 is classified as a high severity vulnerability due to its potential to allow remote code execution.

How do I fix CVE-2016-6600?

To fix CVE-2016-6600, apply the latest patches for ZOHO WebNMS Framework version 5.2 or 5.2 SP1.

What types of attacks can be executed due to CVE-2016-6600?

Attackers can exploit CVE-2016-6600 to upload and execute arbitrary JSP files on the server.

Which versions of ZOHO WebNMS Framework are affected by CVE-2016-6600?

CVE-2016-6600 affects ZOHO WebNMS Framework versions 5.2 and 5.2 SP1.

Is CVE-2016-6600 a web application vulnerability?

Yes, CVE-2016-6600 is a directory traversal vulnerability within the web application's file upload functionality.

Vulnerability/
CVE-2016-6600

critical

9.8

CWE

23/1/2017

20/4/2025

CVE-2016-6600: Path Traversal

First published: Mon Jan 23 2017(Updated: )

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WebNMS Framework	=5.2
WebNMS Framework	=5.2-sp1
	=5.2
	=5.2-sp1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6600?
CVE-2016-6600 is classified as a high severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2016-6600?
To fix CVE-2016-6600, apply the latest patches for ZOHO WebNMS Framework version 5.2 or 5.2 SP1.
What types of attacks can be executed due to CVE-2016-6600?
Attackers can exploit CVE-2016-6600 to upload and execute arbitrary JSP files on the server.
Which versions of ZOHO WebNMS Framework are affected by CVE-2016-6600?
CVE-2016-6600 affects ZOHO WebNMS Framework versions 5.2 and 5.2 SP1.
Is CVE-2016-6600 a web application vulnerability?
Yes, CVE-2016-6600 is a directory traversal vulnerability within the web application's file upload functionality.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/zohocorp
canonical/webnms framework
version/webnms framework/5.2
version/webnms framework/5.2-sp1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.