[Pkg-nagios-devel] Bug#504894: another SA issue

Steffen Joeris steffen.joeris at skolelinux.de
Sat Nov 8 07:58:47 UTC 2008


Please also see this advisory[0] as an additional issue.

A vulnerability has been reported in Nagios, which can be exploited by 
malicious people to conduct cross-site request forgery attacks.
 The application allows users to perform certain actions via HTTP requests 
without performing any validity checks to verify the request. This can be 
exploited to perform unspecified actions e.g. when a logged-in user visits a 
malicious web site.
 The vulnerability is reported in versions prior to 3.0.5.


[0]: http://secunia.com/Advisories/32543/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20081108/03e2828c/attachment.pgp 

More information about the Pkg-nagios-devel mailing list