ALT-PU-2019-1373-1
Closed vulnerabilities
BDU:2020-01554
Уязвимость утилиты для управления и мониторинга процессов, программ, файлов и каталогов Monit, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-01555
Уязвимость реализации метода Util_urlDecode утилиты для управления и мониторинга процессов, программ, файлов и каталогов Monit, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-11454
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
- https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
- https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
- https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
- https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
- https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py
- https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py
- [debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update
- [debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update
- [debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update
- [debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update
- FEDORA-2020-f70cd7c24b
- FEDORA-2020-f70cd7c24b
- FEDORA-2020-9c19202d55
- FEDORA-2020-9c19202d55
- USN-3971-1
- USN-3971-1
Modified: 2024-11-21
CVE-2019-11455
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
- https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
- https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
- https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
- https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
- [debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update
- [debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update
- [debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update
- [debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update
- FEDORA-2020-f70cd7c24b
- FEDORA-2020-f70cd7c24b
- FEDORA-2020-9c19202d55
- FEDORA-2020-9c19202d55
- USN-3971-1
- USN-3971-1