CVE-2013-2214 in Nagiosinformação

Sumário

de MITRE

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservar

19/02/2013

Divulgação

10/02/2014

Moderação

aceite

Entrada

VDB-9301

CPE

pronto

EPSS

0.04343

KEV

não

Atividades

muito baixo

Fontes

Do you want to use VulDB in your project?

Use the official API to access entries easily!