Executive Summary
Summary | |
---|---|
Title | Centreon contains multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#298796 | First vendor Publication | 2014-10-17 |
Vendor | VU-CERT | Last vendor Modification | 2014-10-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#298796Centreon contains multiple vulnerabilitiesOverviewCentreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThanks to Tod Beardsley of Rapid7 for reporting this vulnerability and MaZ for the original vulnerability discovery. This document was written by Chris King. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/298796 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-08-04 | Centreon makeXML_ListMetrics.php SQL injection attempt RuleID : 35017 - Revision : 3 - Type : SERVER-WEBAPP |
2015-08-04 | Centreon cmdGetExample.php SQL injection attempt RuleID : 35016 - Revision : 3 - Type : SERVER-WEBAPP |
2015-08-04 | Centreon GetXmlTree.php SQL injection attempt RuleID : 35015 - Revision : 4 - Type : SERVER-WEBAPP |
2015-08-04 | Centreon GetXMLTrapsForVendor.php SQL injection attempt RuleID : 35014 - Revision : 3 - Type : SERVER-WEBAPP |
2014-12-02 | Centreon displayServiceStatus.php command injection attempt RuleID : 32352 - Revision : 4 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-23 | Name : The remote web server contains a PHP application that is affected by multiple... File : centreon_253.nasl - Type : ACT_GATHER_INFO |
2014-12-23 | Name : The remote web server contains a PHP application that is affected by a SQL in... File : centreon_mnftr_id_sqli.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:15 |
|
2014-12-24 13:25:34 |
|
2014-11-14 13:24:30 |
|
2014-10-23 21:29:41 |
|
2014-10-23 09:29:45 |
|
2014-10-17 21:19:25 |
|