Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-17104 |
CWE-ID | CWE-565 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Centreon (Web applications / Remote management & hosting panels) |
Vendor | Centreon |
Security Bulletin
This security bulletin contains information about 1 vulnerability.
Updated: 30.01.2020
Updated list of affected versions.
Updated: 06.07.2020
Changed bulletin status to patched, lowered severity rating of this issue.
EUVDB-ID: #VU22317
Risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-17104
CWE-ID: CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Exploit availability: No
Description
The vulnerability allows a remote attacker to access sensitive information on the target system.
The vulnerability exists because the cookie configuration within the Apache HTTP Server does not protect cookies against theft: the HttpOnly flag is not set. A remote attacker can eavesdrop on cookies on the network and obtain sensitive information.
The vendor will update documentation on how to configure HTTPS on a virtual machine.
Centreon: 2.4.0 - 19.10.5
External links
http://www.openwall.com/lists/oss-security/2019/10/09/2
http://www.openwall.com/lists/oss-security/2019/10/08/1
http://github.com/centreon/centreon/issues/7097
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.