Steffen Joeris schrieb am Samstag, den 08. November 2008: > Hi > > Please also see this advisory[0] as an additional issue. > > Description: > A vulnerability has been reported in Nagios, which can be exploited by > malicious people to conduct cross-site request forgery attacks. > > The application allows users to perform certain actions via HTTP requests > without performing any validity checks to verify the request. This can be > exploited to perform unspecified actions e.g. when a logged-in user visits a > malicious web site. > > The vulnerability is reported in versions prior to 3.0.5. > > Cheers > Steffen > > [0]: http://secunia.com/Advisories/32543/ Just for the notes, I'm currently working on the issue.
Alex -- Alexander Wirt, [EMAIL PROTECTED] CC99 2DDD D39E 75B0 B0AA B25C D35B BC99 BC7D 020A
signature.asc
Description: Digital signature
