PT-2019-7540 · Zabbix+3 · Zabbix+3
Oliveira Lima
·
Publicado
2014-09-21
·
Atualizado
2022-06-15
·
CVE-2016-10742
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Zabbix versions 2.2 through 2.2.21rc1
Zabbix versions 3.0 through 3.0.13rc1
Zabbix versions 3.1.x through 3.2.10rc1
Zabbix versions 3.3.x through 3.4.4rc1
Description
The issue allows for an open redirect via the
request parameter. This can potentially be exploited by attackers to redirect users to malicious websites.Recommendations
For Zabbix versions 2.2 through 2.2.21rc1, update to version 2.2.21rc1 or later.
For Zabbix versions 3.0 through 3.0.13rc1, update to version 3.0.13rc1 or later.
For Zabbix versions 3.1.x through 3.2.10rc1, update to version 3.2.10rc1 or later.
For Zabbix versions 3.3.x through 3.4.4rc1, update to version 3.4.4rc1 or later.
As a temporary workaround, consider restricting access to the vulnerable parameter
request until a patch is available.Exploit
Correção
Open Redirect
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Linuxmint
Ubuntu
Zabbix