var-201702-0920
Vulnerability from variot
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. Moxa SoftCMS of Web The server does not properly validate the input, resulting in service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operation by passing an unexpected value by an attacker (DoS) There is a possibility of being put into a state. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker exploiting the vulnerability could cause the application to crash. Moxa SoftCMS is prone to multiple security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0920",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softcms",
"scope": "eq",
"trust": 1.5,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "softcms",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "softcms",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:softcms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu working with Trend Micro???s Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 0.6
},
"cve": "CVE-2016-9332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-9332",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11355",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-98152",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-9332",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9332",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-9332",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-11355",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-431",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98152",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. Moxa SoftCMS of Web The server does not properly validate the input, resulting in service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operation by passing an unexpected value by an attacker (DoS) There is a possibility of being put into a state. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker exploiting the vulnerability could cause the application to crash. Moxa SoftCMS is prone to multiple security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9332"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "VULHUB",
"id": "VHN-98152"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-98152",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98152"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9332",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-322-02",
"trust": 2.8
},
{
"db": "BID",
"id": "94394",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "40779",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11355",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-16-615",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-98152",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"id": "VAR-201702-0920",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
}
],
"trust": 1.29090906
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
}
]
},
"last_update_date": "2024-11-23T22:18:05.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SoftCMS",
"trust": 0.8,
"url": "http://www.moxa.com/product/SoftCMS.htm"
},
{
"title": "Patch for Moxa SoftCMS input validation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84137"
},
{
"title": "Moxa SoftCMS Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65772"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-322-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94394"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40779/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9332"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9332"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-615/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "VULHUB",
"id": "VHN-98152"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98152"
},
{
"date": "2016-11-17T00:00:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"date": "2017-02-13T21:59:01.503000",
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"date": "2017-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-98152"
},
{
"date": "2016-12-20T16:03:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007634"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-431"
},
{
"date": "2024-11-21T03:00:58.483000",
"db": "NVD",
"id": "CVE-2016-9332"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa SoftCMS input validation vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11355"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-431"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…