Summary
This host is running Nagios and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information.
Impact Level: Application.
Solution
Upgrade to version Nagios version 4.0 beta4, 3.5.1 or later.
For updates refer to http://www.nagios.org
Insight
The flaw exists in status.cgi which fails to restrict access to all service groups
Affected
Nagios version 4.0 before 4.0 beta4 and 3.x before 3.5.1.
Detection
Send a crafted exploit string via HTTP GET request and check whether it is able to read the string or not.
References
Severity
Classification
-
CVE CVE-2013-2214 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities