Oval Definition:oval:org.opensuse.security:def:20132214
Revision Date:2022-06-30Version:1
Title:CVE-2013-2214
Description:

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2013-2214
Mitre CVE-2013-2214
SUSE CVE-2013-2214
openSUSE-SU-2013:1158-1
openSUSE-SU-2013:1160-1
Platform(s):openSUSE 12.2 Update
openSUSE 12.3 Update
openSUSE Leap 42.1
openSUSE Leap 42.2
openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP3
Product(s):
Definition Synopsis
  • openSUSE Leap 42.1 is installed
  • AND Package Information
  • nagios-3.5.1-1.1 is installed
  • AND nagios is signed with openSUSE key
  • OR
  • nagios-www-3.5.1-1.1 is installed
  • AND nagios-www is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • nagios-3.5.1-2.3 is installed
  • AND nagios is signed with openSUSE key
  • OR
  • nagios-www-3.5.1-2.3 is installed
  • AND nagios-www is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • nagios-3.5.1-4 is installed
  • AND nagios is signed with openSUSE key
  • OR
  • nagios-www-3.5.1-4 is installed
  • AND nagios-www is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • nagios-4.4.6-2.5 is installed
  • OR nagios-contrib-4.4.6-2.5 is installed
  • OR nagios-devel-4.4.6-2.5 is installed
  • OR nagios-theme-exfoliation-4.4.6-2.5 is installed
  • OR nagios-www-4.4.6-2.5 is installed
  • OR nagios-www-dch-4.4.6-2.5 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP1 is installed
  • OR SUSE Linux Enterprise Server 11 SP2 is installed
  • OR SUSE Linux Enterprise Server 11 SP3 is installed
  • AND nagios is affected
    • BACK