Nagios Log Server Multiple Vulnerabilities

Published: 2016-10-12 06:26:09

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
remote_active

Solution Type:
Vendor Patch

Summary:
Nagios Log Server is prone to multiple vulnerabilities, including authentication bypass, stored cross-site scripting, inconsistent authorization controls, and privilege escalation.

Affected Versions:
Nagios Log Server 1.4.1 and earlier.

Recommendations:
Upgrade to version 1.4.2.

Detection Method:
Sends a crafted HTTP POST request and checks the response.

References:

http://seclists.org/fulldisclosure/2016/Aug/56

Severity:
High

CVSS Score:
7.5