ZABBIX Denial Of Service And SQL Injection Vulnerabilities Network Vulnerability

Summary

ZABBIX is prone to a denial-of-service vulnerability and an SQL- injection vulnerability. Successful exploits may allow remote attackers to crash the affected application, exploit latent vulnerabilities in the underlying database, access or modify data, or compromise the application. Versions prior to ZABBIX 1.6.8 are vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://secunia.com/advisories/37740/
http://www.zabbix.com/index.php
https://support.zabbix.com/browse/ZBX-1031
https://support.zabbix.com/browse/ZBX-1355

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4499, CVE-2009-4501
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats configdir parameter arbitrary cmd exec
Arkeia Appliance Multiple Vulnerabilities
ARRIS 2307 Unprotected Web Console
Adobe ColdFusion Information Disclosure Vulnerability
AudiStat multiple vulnerabilities

ZABBIX Denial Of Service and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities