[Pkg-nagios-devel] Bug#504894: Bug#504894: another SA issue

Alexander Wirt formorer at debian.org
Sat Nov 8 21:42:40 UTC 2008

Steffen Joeris schrieb am Samstag, den 08. November 2008:

> Hi
> Please also see this advisory[0] as an additional issue.
> Description:
> A vulnerability has been reported in Nagios, which can be exploited by 
> malicious people to conduct cross-site request forgery attacks.
>  The application allows users to perform certain actions via HTTP requests 
> without performing any validity checks to verify the request. This can be 
> exploited to perform unspecified actions e.g. when a logged-in user visits a 
> malicious web site.
>  The vulnerability is reported in versions prior to 3.0.5.
> Cheers
> Steffen
> [0]: http://secunia.com/Advisories/32543/
Just for the notes, I'm currently working on the issue. 

Alexander Wirt, formorer at formorer.de 
CC99 2DDD D39E 75B0 B0AA  B25C D35B BC99 BC7D 020A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20081108/56c9ee5a/attachment.pgp 

More information about the Pkg-nagios-devel mailing list