What is CVE-2016-9605?

CVE-2016-9605 is a vulnerability in the cobbler software component version 2.6.11-1 that allows for arbitrary file reading due to an invalid parameter validation flaw.

How severe is CVE-2016-9605?

CVE-2016-9605 has a severity rating of 6.1, which is considered medium severity.

How does CVE-2016-9605 affect cobbler?

CVE-2016-9605 affects cobbler software component version 2.6.11-1 by allowing for arbitrary file reading through a vulnerable URL in cobbler-web.

How can I fix CVE-2016-9605?

To fix CVE-2016-9605, it is recommended to update cobbler software component to a version that is not affected by the vulnerability.

Where can I find more information about CVE-2016-9605?

More information about CVE-2016-9605 can be found on the NVD (National Vulnerability Database) website and the Red Hat Bugzilla website.

Vulnerability/
CVE-2016-9605

medium

6.1

CWE

22/8/2018

13/5/2022

6/8/2024

CVE-2016-9605: XSS

First published: Wed Aug 22 2018(Updated: )

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Cobbler Project Cobbler	=2.6.11-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2016-9605?
CVE-2016-9605 is a vulnerability in the cobbler software component version 2.6.11-1 that allows for arbitrary file reading due to an invalid parameter validation flaw.
How severe is CVE-2016-9605?
CVE-2016-9605 has a severity rating of 6.1, which is considered medium severity.
How does CVE-2016-9605 affect cobbler?
CVE-2016-9605 affects cobbler software component version 2.6.11-1 by allowing for arbitrary file reading through a vulnerable URL in cobbler-web.
How can I fix CVE-2016-9605?
To fix CVE-2016-9605, it is recommended to update cobbler software component to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2016-9605?
More information about CVE-2016-9605 can be found on the NVD (National Vulnerability Database) website and the Red Hat Bugzilla website.

collector/nvd-index
collector/nvd-cve
collector/github-advisory-latest
alias/GHSA-4vc9-4xpq-77vm
alias/CVE-2016-9605
collector/github-advisory
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/last-modified-date
agent/weakness
agent/event
agent/tags
agent/first-publish-date
agent/description
agent/trending
vendor/cobbler project
canonical/cobbler project cobbler
version/cobbler project cobbler/2.6.11-1
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.