Summary
The host is running Zenoss Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to view, add, modify or delete information in the back-end database or conduct cross site request forgery attacks.
Impact Level: Application
Solution
Update to version 2.5 or later.
For updates refer to http://www.zenoss.com/product/network-monitoring
Insight
- Input passed via the 'severity', 'state', 'filter', 'offset', and 'count' parameters to /zport/dmd/Events/getJSONEventsInfo is not properly sanitised before being used in SQL queries.
- The application allows administrative users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change administrator passwords via zport/dmd/ZenUsers/admin or execute arbitrary shell commands via zport/dmd/userCommands/ by tricking an administrative user into visiting a malicious web site.
Affected
Zenoss Server versions prior to 2.5
References
- http://secunia.com/advisories/38195
- http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/
- http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/
- http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html
- http://xforce.iss.net/xforce/xfdb/55670
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2010-0712, CVE-2010-0713 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- Apache Tomcat Directory Listing and File disclosure
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability