op5 Monitor < 6.1.0 Information Disclosure and Security Bypass Vulnerabilities

medium Nessus Plugin ID 67008

Synopsis

A PHP application hosted on the remote web server is affected by information disclosure and security bypass vulnerabilities.

Description

The version of op5 Monitor hosted on the remote web server is earlier than 6.1.0. It is, therefore, affected by the following information disclosure and security bypass vulnerabilities:

- Log files, which may contain sensitive information, can be accessed without authentication. (Bug 6599)

- A flaw exists relating to the Ninja component that may lead to unauthorized disclosure of sensitive information when handling group rights, group hosts or when accessing the Servicegroup summary. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6657)

- A flaw exists in the Nacoma component that is triggered during handling of host permissions. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6667)

- A flaw exists in the Ninja component that may lead to disclosure of hostnames. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6779)

- Limited view users can see comments of other servers. This flaw reportedly affects op5 6.x < 6.1.0. (Bug 6929)

Solution

Upgrade op5 Monitor to version 6.1.0 or later.

See Also

https://jira.op5.com?project_id=3

https://jira.op5.com/issues/?jql=%22External%20issue%20ID%22%20~%206599

https://jira.op5.com/issues/?jql=%22External%20issue%20ID%22%20~%206657

https://jira.op5.com/issues/?jql=%22External%20issue%20ID%22%20~%206667

https://jira.op5.com/issues/?jql=%22External%20issue%20ID%22%20~%206779

https://jira.op5.com/issues/?jql=%22External%20issue%20ID%22%20~%206929

Plugin Details

Severity: Medium

ID: 67008

File Name: op5_monitor_6_1_0.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 6/27/2013

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:op5:monitor

Required KB Items: www/op5_monitor

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/14/2013

Vulnerability Publication Date: 5/14/2013

Reference Information

BID: 59880