xss vulnerabilities in nagios 3.2.3
Michael Friedrich
michael.friedrich at univie.ac.at
Fri Jun 10 10:57:20 CEST 2011
hi,
on your tracker, 2 issues point to several xss vulnerabilities. since
we've fixed them in icinga, and previous command expander needed an
enhanced patch too, i decided to push that over here too while adding
that patch to the omd package.
description is in icinga's dev tracker
https://dev.icinga.org/issues/1281
https://dev.icinga.org/issues/1605
this is a combined fix of those 2 issues #207 #224 @ tracker.nagios.org,
diff'ed against 3.2.3 release on holger's git repository.
feel free to accept it or not, as usual i won't provide any tests as
user feedback was sufficient.
kind regards,
michael
--
DI (FH) Michael Friedrich
Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria
email: michael.friedrich at univie.ac.at
phone: +43 1 4277 14359
mobile: +43 664 60277 14359
fax: +43 1 4277 14338
web: http://www.univie.ac.at/zid
http://www.aco.net
Icinga Core & IDOUtils Developer
http://www.icinga.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fix-xss-vulnerability-in-config-statusmap.cgi-tracke.patch
Type: text/x-diff
Size: 10064 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20110610/a8a39a46/attachment.patch>