
Nagios XI < 2011R1.9 Multiple Vulnerabilities

Medium

Synopsis

A vulnerable version of Nagios XI has been detected.

Description

Versions of Nagios XI prior to 2011R1.9 are affected by multiple vulnerabilities:

- A privilege escalation vulnerability exists in the method used to install RPMs.

- A privilege escalation vulnerability exists in the method used to edit crontab files.

- Multiple reflective cross-site scripting vulnerabilities exist due to the failure to sanitize GET request query strings.

- A stored cross-site scripting vulnerability exists in the 'reports/myreports.php' script due to the failure to sanitize the report name.

Solution

Upgrade to Nagios XI 2011R1.9 or later.