VAR-201702-0920
Vulnerability from variot - Updated: 2023-12-18 13:14An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. Moxa SoftCMS of Web The server does not properly validate the input, resulting in service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operation by passing an unexpected value by an attacker (DoS) There is a possibility of being put into a state. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker exploiting the vulnerability could cause the application to crash. Moxa SoftCMS is prone to multiple security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0920",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softcms",
"scope": "eq",
"trust": 1.5,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "softcms",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "softcms",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu working with Trend Micro???s Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 0.6
},
"cve": "CVE-2016-9332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-9332",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11355",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-98152",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-9332",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9332",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-11355",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-431",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98152",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. Moxa SoftCMS of Web The server does not properly validate the input, resulting in service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operation by passing an unexpected value by an attacker (DoS) There is a possibility of being put into a state. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker exploiting the vulnerability could cause the application to crash. Moxa SoftCMS is prone to multiple security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "VULHUB",
"id": "VHN-98152"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-98152",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98152"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9332",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-322-02",
"trust": 2.8
},
{
"db": "BID",
"id": "94394",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "40779",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11355",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-16-615",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-98152",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"id": "VAR-201702-0920",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
}
],
"trust": 1.29090906
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
}
]
},
"last_update_date": "2023-12-18T13:14:24.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SoftCMS",
"trust": 0.8,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"title": "Patch for Moxa SoftCMS input validation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84137"
},
{
"title": "Moxa SoftCMS Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65772"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-322-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94394"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40779/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9332"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9332"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-615/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98152"
},
{
"date": "2016-11-17T00:00:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"date": "2017-02-13T21:59:01.503000",
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"date": "2017-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-98152"
},
{
"date": "2016-12-20T16:03:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"date": "2017-09-03T01:29:15.327000",
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa SoftCMS input validation vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…