CVE-2016-8360 - An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL reque

CVE-2016-8360

Summary

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code.

References

Vulnerable Configurations

cpe:2.3:a:moxa:softcms:1.2:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.2:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.3:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.3:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.4:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.4:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.5:*:*:*:*:*:*:*
cpe:2.3:a:moxa:softcms:1.5:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-02-2017 - 15:12)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	94394
misc	https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02

Last major update

17-02-2017 - 15:12

Published

13-02-2017 - 21:59

Last modified

17-02-2017 - 15:12