
List:       oss-security
Subject:    [oss-security] CVE-2016-7067 - CSRF in Monit Service Manager
From:       Adith Sudhakar <adith.sudhakar () gmail ! com>
Date:       2016-10-27 20:58:38
Message-ID: CALOY+aw+wkyLM1BkHGzPQzbP-8_-RM+hjRa6XyTv0Mnt8fLkaw () mail ! gmail ! com


Hello,

I found a CSRF issue in Monit (https://mmonit.com/monit/) in the Service
Manager application that affects versions 5.19.0 and earlier. Red Hat has
assigned CVE-2016-7067 to this issue. Monit has fixed this issue in version
5.20.0.

Description:
The forms in Monit's Service Manager are vulnerable to a cross-site request
forgery attack.
Successful exploitation will enable an attacker to disable/enable all
monitoring for a particular host, or disable/enable monitoring for a specific
service.

Upstream Commit:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master

Adith Sudhakar
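As an added illustration of the vulnerability class named in this advisory (example code written for this page, not Monit's code and not the upstream fix linked above), the following Python model contrasts a cookie-only form handler with one that also checks a per-session synchronizer token. The session store, the `MONITORING` flags, the `_csrf` field name and the `form-token` label are constructed for the example; they do not correspond to Monit's actual form fields or internals.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory state standing in for a session store and the
# per-service monitoring flags; not Monit's data structures.
SESSIONS = {}
MONITORING = {"host": True, "sshd": True}


def reset_state():
    """Reset the constructed state so each scenario starts from 'all monitored'."""
    SESSIONS.clear()
    MONITORING.update({"host": True, "sshd": True})


def new_session():
    """Log a user in: issue a session id and a per-session CSRF secret."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf_secret": secrets.token_bytes(32)}
    return sid


def csrf_token(session_id):
    """Synchronizer token the server embeds as a hidden field in every form.

    Derived from the per-session secret, so a page on another origin cannot
    read or guess it; the session cookie, by contrast, is attached by the
    browser to any POST aimed at the site, which is what CSRF relies on.
    """
    secret = SESSIONS[session_id]["csrf_secret"]
    return hmac.new(secret, b"form-token", hashlib.sha256).hexdigest()


def valid_csrf(session_id, submitted):
    """Constant-time comparison of the submitted token against the expected one."""
    if session_id not in SESSIONS or not submitted:
        return False
    return hmac.compare_digest(csrf_token(session_id), submitted)


def _apply(form):
    """Flip the monitoring flag for 'host' or a named service."""
    MONITORING[form["service"]] = form["action"] == "monitor"


def handle_action_unprotected(cookie_sid, form):
    """Vulnerable shape: the session cookie alone authorises a state change."""
    if cookie_sid not in SESSIONS:
        return 401
    _apply(form)
    return 200


def handle_action_protected(cookie_sid, form):
    """Hardened shape: the cookie must be accompanied by the per-session token."""
    if cookie_sid not in SESSIONS:
        return 401
    if not valid_csrf(cookie_sid, form.get("_csrf")):
        return 403
    _apply(form)
    return 200


def scenario(handler, include_token):
    """Send one POST as the logged-in victim's browser would; return (status, host still monitored)."""
    reset_state()
    sid = new_session()  # the victim has an authenticated session
    # Body of a state-changing request; the cookie is attached by the browser
    # regardless of which origin caused the request.
    form = {"service": "host", "action": "unmonitor"}
    if include_token:
        form["_csrf"] = csrf_token(sid)  # only a same-origin page can obtain this
    status = handler(sid, form)
    return status, MONITORING["host"]


if __name__ == "__main__":
    print(scenario(handle_action_unprotected, False))  # (200, False): cross-site request changed state
    print(scenario(handle_action_protected, False))    # (403, True): rejected, state unchanged
    print(scenario(handle_action_protected, True))     # (200, False): legitimate same-origin submission
```

The token check has to run on every state-changing endpoint, not only the form that renders it; a single unprotected action is enough to reproduce the impact the advisory describes. Setting the `SameSite` attribute on the session cookie is a useful complement in modern browsers, but it does not replace the server-side check.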

