VAR-201702-0307
Vulnerability from variot - Updated: 2023-12-18 13:14An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. Moxa SoftCMS Will change the memory area, disturb service operation (DoS) Vulnerabilities exist that could be put into a state or execute arbitrary code.Denial of service caused by attacker changing memory area (DoS) Could be put into a state or execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of requests to the web server. A crafted URL can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. Moxa SoftCMS is prone to multiple security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0307",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softcms",
"scope": "eq",
"trust": 1.5,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "softcms",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "softcms",
"scope": null,
"trust": 0.7,
"vendor": "moxa",
"version": null
},
{
"model": "softcms",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.6"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8360"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-615"
}
],
"trust": 0.7
},
"cve": "CVE-2016-8360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8360",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2016-8360",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97180",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8360",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8360",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2016-8360",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-11356",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-432",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97180",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "VULHUB",
"id": "VHN-97180"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. Moxa SoftCMS Will change the memory area, disturb service operation (DoS) Vulnerabilities exist that could be put into a state or execute arbitrary code.Denial of service caused by attacker changing memory area (DoS) Could be put into a state or execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of requests to the web server. A crafted URL can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. Moxa SoftCMS is prone to multiple security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "VULHUB",
"id": "VHN-97180"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8360",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-322-02",
"trust": 2.8
},
{
"db": "BID",
"id": "94394",
"trust": 2.6
},
{
"db": "ZDI",
"id": "ZDI-16-615",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4032",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11356",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97180",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "VULHUB",
"id": "VHN-97180"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"id": "VAR-201702-0307",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "VULHUB",
"id": "VHN-97180"
}
],
"trust": 1.29090906
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11356"
}
]
},
"last_update_date": "2023-12-18T13:14:25.276000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SoftCMS",
"trust": 0.8,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"title": "Moxa has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-322-02"
},
{
"title": "Patch for Moxa SoftCMS Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84135"
},
{
"title": "Moxa SoftCMS Double release vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65773"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97180"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "NVD",
"id": "CVE-2016-8360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-322-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94394"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8360"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8360"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-615/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "VULHUB",
"id": "VHN-97180"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"db": "VULHUB",
"id": "VHN-97180"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-23T00:00:00",
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97180"
},
{
"date": "2016-11-17T00:00:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"date": "2017-02-13T21:59:00.987000",
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-23T00:00:00",
"db": "ZDI",
"id": "ZDI-16-615"
},
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11356"
},
{
"date": "2017-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-97180"
},
{
"date": "2016-12-20T16:03:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007633"
},
{
"date": "2017-02-17T15:12:41.147000",
"db": "NVD",
"id": "CVE-2016-8360"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa SoftCMS Vulnerability to change memory area",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007633"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-432"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…