Nagios Looking Glass Local File Include Vulnerability Network Vulnerability

Summary

Nagios Looking Glass is prone to a local file-include vulnerability

Impact

An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may aid in further attacks.

Solution

Ask the Vendor for an update.

Insight

The application fails to adequately validate user-supplied input.

Affected

Nagios Looking Glass 1.1.0 beta 2 and prior are vulnerable.

Detection

Try to read the s3_config.inc.php via HTTP GET request.

References

http://www.nagios.org/
http://www.securityfocus.com/bid/63381

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
/doc directory browsable ?
Apache Tomcat Login Constraints Security Bypass Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability

Take action and discover your vulnerabilities