CVE-2013-2214 in Nagiosالمعلومات

الملخص

بحسب MITRE

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

حجز

19/02/2013

إفشاء

10/02/2014

الاعتدال

تمت الموافقة

إدخال

VDB-9301

EPSS

0.04343

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!