Main Vulnerability Database Vulnerabilities #VU36766

Cross-site scripting in Cobbler - CVE-2016-9605

Published: August 22, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36766

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-9605

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cobbler project

Affected software:
Cobbler

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.

How to mitigate CVE-2016-9605

Install update from vendor's website.

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605

Cross-site scripting in Cobbler - CVE-2016-9605

Detailed vulnerability description

How to mitigate CVE-2016-9605

Sources

Please verify you're human