CVE-2012-0263

Name of the Vulnerable Software and Affected Versions op5 Monitor and op5 Appliance versions prior to 5.5.1

Description The issue allows remote authenticated users to obtain sensitive information, such as database and user credentials, via error messages triggered by specific actions. This can be achieved by either providing a malformed hoststatustypes parameter to the "status/service/all" endpoint or by sending a crafted request to "config".

Recommendations For versions prior to 5.5.1, update to version 5.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "status/service/all" endpoint and the "config" section to minimize the risk of exploitation. Avoid using the hoststatustypes parameter in the affected endpoint until the issue is resolved.