PT-2014-2573 · Nagios+1 · Nagios+1

Vincent Danen

Published

2014-02-10

Updated

2024-06-15

CVE-2013-2214

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nagios versions 3.x through 3.5.0 Nagios versions 4.0 through 4.0 beta3

Description The issue allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup overview, summary, or grid style in status.cgi. This behavior was initially by design in most 3.x versions, but the upstream vendor decided to change it for Nagios 4 and version 3.5.1.

Recommendations For Nagios versions 3.x through 3.5.0, update to version 3.5.1 or later. For Nagios versions 4.0 through 4.0 beta3, update to version 4.0 beta4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2017-2354

CVE-2013-2214

OPENSUSE-SU-2024:11073-1

Affected Products

Alt Linux

Nagios

PT-2014-2573 · Nagios+1 · Nagios+1

CVE-2013-2214

Weakness Enumeration

Related Identifiers

Affected Products

References · 41