Intrusion Prevention

WebNMS.Framework.Session.ID.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in WebNMS Framework.
The vulnerability is caused by improper validation of user supplied data when the vulnerable application handles a maliciously crafted request. An attacker can exploit this to impersonate any users and obtain their authenticated session cookies.

Affected Products

WebNMS Framework 5.2 and 5.2 SP1

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Apply the most recent upgrade or patch from the vendor
https://www.webnms.com/telecom/framework.html

CVE References

CVE-2016-6603