CVE-2017-11507MEDIUM
Description
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
References
Details
Source: MITRE
Published: 2017-12-11
Updated: 2017-12-26
Type: CWE-79
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:check_mk_project:check_mk:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b10:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b11:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:b9:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p10:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p11:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p12:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p13:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p14:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p15:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p16:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p17:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p18:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p19:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p20:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p21:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p22:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p23:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p24:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p25:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.2.8:p9:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b7:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b8:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:b9:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p1:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p2:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p3:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p4:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p5:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p6:*:*:*:*:*:*
cpe:2.3:a:check_mk_project:check_mk:1.4.0:p7:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 105256 | Check_MK Internal Server Error XSS | Nessus | CGI abuses : XSS | medium |