Main Vulnerability Database SB2019100821

SB2019100821 - Information disclosure in Centreon

Published: October 8, 2019 Updated: July 6, 2020

Security Bulletin ID SB2019100821

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reliance on Cookies without Validation and Integrity Checking (CVE-ID: CVE-2019-17104)

The vulnerability allows a remote attacker to access sensitive information on the target system.

The vulnerability exists due to the cookie configuration within the Apache HTTP Server does not have protection against theft because the HTTPOnly flag is not set. A remote attacker can eavesdropping cookies on the network and obtain sensitive information.

Remediation

Install update from vendor's website.

References

https://www.openwall.com/lists/oss-security/2019/10/09/2
https://www.openwall.com/lists/oss-security/2019/10/08/1
https://github.com/centreon/centreon/issues/7097