[Pkg-nagios-devel] Bug#504894: Bug#504894: another SA issue
Alexander Wirt
formorer at debian.org
Sat Nov 8 21:42:40 UTC 2008
Steffen Joeris schrieb am Samstag, den 08. November 2008:
> Hi
>
> Please also see this advisory[0] as an additional issue.
>
> Description:
> A vulnerability has been reported in Nagios, which can be exploited by
> malicious people to conduct cross-site request forgery attacks.
>
> The application allows users to perform certain actions via HTTP requests
> without performing any validity checks to verify the request. This can be
> exploited to perform unspecified actions e.g. when a logged-in user visits a
> malicious web site.
>
> The vulnerability is reported in versions prior to 3.0.5.
>
> Cheers
> Steffen
>
> [0]: http://secunia.com/Advisories/32543/
Just for the notes, I'm currently working on the issue.
Alex
--
Alexander Wirt, formorer at formorer.de
CC99 2DDD D39E 75B0 B0AA B25C D35B BC99 BC7D 020A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20081108/56c9ee5a/attachment.pgp
More information about the Pkg-nagios-devel
mailing list