6.1

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-9605

CVE-2016-9605: Cobbler Arbitrary File Read

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2016-9605

CVE-2016-9605:

6.1

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
cobbler	pip	<= 2.6.11-1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability involves path traversal via the 'script' parameter in cobbler-web's profile service endpoint (/cblr/svc/profile/.../op/script). The function responsible for processing this parameter (likely named render_script or similar in web views) fails to properly validate() user input, allowing '../' sequences to escape the intended directory. This matches the described attack vector and CWE-79's context of improper input validation. Confidence is medium due to lack of direct code references, but the URL structure and vulnerability pattern strongly suggest this handler is involved.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2016-9605: Cobbler Arbitrary File Read

CVE-2016-9605:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

CVE-2016-9605: Cobbler Arbitrary File Read

6.1

6.1

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI