ALT-PU-2014-1942-1
Closed vulnerabilities
Published: 2014-06-14
BDU:2018-00371
Уязвимость универсальной системы мониторинга Zabbix, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю выполнить произвольный код или прочитать произвольные файлы
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2018-02-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3005
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html
- http://seclists.org/fulldisclosure/2014/Jun/87
- http://www.securityfocus.com/bid/68075
- https://bugzilla.redhat.com/show_bug.cgi?id=1110496
- https://support.zabbix.com/browse/ZBX-8151
- https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html
- http://seclists.org/fulldisclosure/2014/Jun/87
- http://www.securityfocus.com/bid/68075
- https://bugzilla.redhat.com/show_bug.cgi?id=1110496
- https://support.zabbix.com/browse/ZBX-8151
- https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273
Closed bugs
Изменить права на файлы юнитов systemd