Source: monit Version: 1:5.25.2-3 Severity: important Tags: security upstream Control: found -1 1:5.20.0-6
Hi, The following vulnerabilities were published for monit. CVE-2019-11454[0]: | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash | Monit before 5.25.3 allows a remote unauthenticated attacker to | introduce arbitrary JavaScript via manipulation of an unsanitized user | field of the Authorization header for HTTP Basic Authentication, which | is mishandled during an _viewlog operation. CVE-2019-11455[1]: | A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit | before 5.25.3 allows a remote authenticated attacker to retrieve the | contents of adjacent memory via manipulation of GET or POST | parameters. The attacker can also cause a denial of service | (application outage). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11454 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11454 [1] https://security-tracker.debian.org/tracker/CVE-2019-11455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11455 Regards, Salvatore
