Nagios Log Server < 1.4.2 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9599

Synopsis

The remote host is running a version of Nagios Log Server that is affected by multiple attack vectors.

Description

Versions of Nagios Log Server prior to 1.4.2 are vulnerable to the following issues :

- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the '/nagioslogserver/dashboard' script does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A flaw exists in the 'api/check/create/1' script that is due to the server failing to properly enforce access controls related to the 'alert' parameter. This may allow a remote attacker to execute arbitrary code.
- A flaw exists that is due to the program setting insecure permissions for 'get_logstash_ports.sha'. This may allow a local attacker to gain elevated privileges.

Solution

Upgrade Log Server to version 1.4.2 or later.

See Also

http://www.security-assessment.com/files/documents/advisory/NagiosLogServerAdvisory.pdf

https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT

Plugin Details

Severity: Critical

ID: 9599

Family: CGI

Published: 9/30/2016

Updated: 3/6/2019

Vulnerability Information

Patch Publication Date: 7/22/2016

Vulnerability Publication Date: 8/11/2016