[Pkg-nagios-devel] Bug#504894: another SA issue
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Nov 8 07:58:47 UTC 2008
Hi
Please also see this advisory[0] as an additional issue.
Description:
A vulnerability has been reported in Nagios, which can be exploited by
malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the request. This can be
exploited to perform unspecified actions e.g. when a logged-in user visits a
malicious web site.
The vulnerability is reported in versions prior to 3.0.5.
Cheers
Steffen
[0]: http://secunia.com/Advisories/32543/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20081108/03e2828c/attachment.pgp
More information about the Pkg-nagios-devel
mailing list