PT-2019-7540 · Zabbix+3 · Zabbix+3

Oliveira Lima

Published

2014-09-21

Updated

2022-06-15

CVE-2016-10742

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Zabbix versions 2.2 through 2.2.21rc1 Zabbix versions 3.0 through 3.0.13rc1 Zabbix versions 3.1.x through 3.2.10rc1 Zabbix versions 3.3.x through 3.4.4rc1

Description The issue allows for an open redirect via the request parameter. This can potentially be exploited by attackers to redirect users to malicious websites.

Recommendations For Zabbix versions 2.2 through 2.2.21rc1, update to version 2.2.21rc1 or later. For Zabbix versions 3.0 through 3.0.13rc1, update to version 3.0.13rc1 or later. For Zabbix versions 3.1.x through 3.2.10rc1, update to version 3.2.10rc1 or later. For Zabbix versions 3.3.x through 3.4.4rc1, update to version 3.4.4rc1 or later. As a temporary workaround, consider restricting access to the vulnerable parameter request until a patch is available.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2014-2165

ALT-PU-2017-2601

CVE-2016-10742

DLA-1708-1

DLA-2461-1

USN-4767-1

Affected Products

Alt Linux

Linuxmint

Ubuntu

Zabbix

PT-2019-7540 · Zabbix+3 · Zabbix+3

CVE-2016-10742

Weakness Enumeration

Related Identifiers

Affected Products

References · 24