[Pkg-nagios-devel] Bug#504894: another SA issue
steffen.joeris at skolelinux.de
Sat Nov 8 07:58:47 UTC 2008
Please also see this advisory as an additional issue.
A vulnerability has been reported in Nagios, which can be exploited by
malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the request. This can be
exploited to perform unspecified actions e.g. when a logged-in user visits a
malicious web site.
The vulnerability is reported in versions prior to 3.0.5.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20081108/03e2828c/attachment.pgp
More information about the Pkg-nagios-devel