CVE-2016-2058

Xymon 4.3.x Buffer Overflow / Code Execution / Information Disclosure

Severity Score

5.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.

Múltiples vulnerabilidades de XSS en Xymon 4.1.x, 4.2.x y 4.3.x en versiones anteriores a 4.3.25 permiten a (1) clientes remotos Xymon inyectar secuencias de comandos web o HTML arbitrarios a través de un mensaje de estado, que no se maneja correctamente en la página "detailed status", o (2) usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un mensaje de reconocimiento, que no se maneja correctamente en la página "status".

Xymon 4.3.x versions suffers from buffer overflow, information disclosure, code execution, cross site scripting, and various other vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-01-25 CVE Reserved
2016-02-15 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html	X_refsource_misc
http://www.securityfocus.com/archive/1/537522/100/0/threaded	Mailing List

URL	Date	SRC

URL	Date	SRC
https://sourceforge.net/p/xymon/code/7892	2018-10-09

URL	Date	SRC
http://www.debian.org/security/2016/dsa-3495	2018-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.1.0 Search vendor "Xymon" for product "Xymon" and version "4.1.0"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.1.1 Search vendor "Xymon" for product "Xymon" and version "4.1.1"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.1.2 Search vendor "Xymon" for product "Xymon" and version "4.1.2"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.1.2 Search vendor "Xymon" for product "Xymon" and version "4.1.2"		p1		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.1.2 Search vendor "Xymon" for product "Xymon" and version "4.1.2"		p2		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2 Search vendor "Xymon" for product "Xymon" and version "4.2"		alfa		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2 Search vendor "Xymon" for product "Xymon" and version "4.2"		beta20060605		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2 Search vendor "Xymon" for product "Xymon" and version "4.2"		rc20060712		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2.0 Search vendor "Xymon" for product "Xymon" and version "4.2.0"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2.2 Search vendor "Xymon" for product "Xymon" and version "4.2.2"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2.2 Search vendor "Xymon" for product "Xymon" and version "4.2.2"		rc1		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2.3 Search vendor "Xymon" for product "Xymon" and version "4.2.3"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.2.3 Search vendor "Xymon" for product "Xymon" and version "4.2.3"		rc1		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.0 Search vendor "Xymon" for product "Xymon" and version "4.3.0"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.0 Search vendor "Xymon" for product "Xymon" and version "4.3.0"		beta1		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.0 Search vendor "Xymon" for product "Xymon" and version "4.3.0"		beta2		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.0 Search vendor "Xymon" for product "Xymon" and version "4.3.0"		beta3		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.0 Search vendor "Xymon" for product "Xymon" and version "4.3.0"		rc1		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.1 Search vendor "Xymon" for product "Xymon" and version "4.3.1"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.2 Search vendor "Xymon" for product "Xymon" and version "4.3.2"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.3 Search vendor "Xymon" for product "Xymon" and version "4.3.3"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.4 Search vendor "Xymon" for product "Xymon" and version "4.3.4"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.5 Search vendor "Xymon" for product "Xymon" and version "4.3.5"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.6 Search vendor "Xymon" for product "Xymon" and version "4.3.6"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.7 Search vendor "Xymon" for product "Xymon" and version "4.3.7"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.8 Search vendor "Xymon" for product "Xymon" and version "4.3.8"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.9 Search vendor "Xymon" for product "Xymon" and version "4.3.9"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.10 Search vendor "Xymon" for product "Xymon" and version "4.3.10"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.11 Search vendor "Xymon" for product "Xymon" and version "4.3.11"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.12 Search vendor "Xymon" for product "Xymon" and version "4.3.12"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.13 Search vendor "Xymon" for product "Xymon" and version "4.3.13"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.14 Search vendor "Xymon" for product "Xymon" and version "4.3.14"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.15 Search vendor "Xymon" for product "Xymon" and version "4.3.15"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.16 Search vendor "Xymon" for product "Xymon" and version "4.3.16"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.17 Search vendor "Xymon" for product "Xymon" and version "4.3.17"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.18 Search vendor "Xymon" for product "Xymon" and version "4.3.18"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.19 Search vendor "Xymon" for product "Xymon" and version "4.3.19"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.19 Search vendor "Xymon" for product "Xymon" and version "4.3.19"		rc1		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.20 Search vendor "Xymon" for product "Xymon" and version "4.3.20"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.21 Search vendor "Xymon" for product "Xymon" and version "4.3.21"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.22 Search vendor "Xymon" for product "Xymon" and version "4.3.22"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.23 Search vendor "Xymon" for product "Xymon" and version "4.3.23"		-		Affected
Xymon Search vendor "Xymon"		Xymon Search vendor "Xymon" for product "Xymon"				4.3.24 Search vendor "Xymon" for product "Xymon" and version "4.3.24"		-		Affected