Release date:
Updated on:
Affected Systems:
Mathias Kettner Check_MK 1.2.2p2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66391
CVE (CAN) ID: CVE-2014-2329
Check_MK is a common Nagios/Icinga data collection plug-in.
Check_MK 1.2.2p2 and other versions contain multiple HTML injection and cross-site scripting vulnerabilities. After successful exploitation, a remote attacker can run attacker-supplied HTML and script code in the context of the affected browser.
<* Source: Deutsche Telekom CERT
Link: http://www.securityfocus.com/archive/1/531594
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mathias Kettner
---------------
The vendor does not currently provide a patch or upgrade. Users of the software should check the vendor's homepage for the latest version:
http://mathias-kettner.de