op5 Monitor < 6.1.0 Information Disclosure and Security Bypass Vulnerabilities

medium Nessus Plugin ID 67008

Language:

Synopsis

A PHP application hosted on the remote web server is affected by information disclosure and security bypass vulnerabilities.

Description

The version of op5 Monitor hosted on the remote web server is earlier than 6.1.0. It is, therefore, affected by the following information disclosure and security bypass vulnerabilities:

- Log files can be accessed without authentication, which may contain sensitive information. (Bug 6599)

- A flaw exists relating to the Ninja component that may lead to unauthorized disclosure of sensitive information when handling group rights, group hosts or when accessing the Servicegroup summary. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6657)

- A flaw exists in the Nacoma component that is triggered during handling of host permissions. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6667)

- A flaw exists in the Ninja component that may lead to disclosure of hostnames. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6779)

- Limited view users can see comments of other servers.
This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6929)

Solution

Upgrade op5 Monitor to version 6.1.0 or later.

Plugin Details

Severity: Medium

ID: 67008

File Name: op5_monitor_6_1_0.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 6/27/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:op5:monitor

Required KB Items: www/op5_monitor

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/14/2013

Vulnerability Publication Date: 5/14/2013

Reference Information

BID: 59880

Detections

Analytics