oss-sec mailing list archives
CVE-2016-7067 - CSRF in Monit Service Manager
From: Adith Sudhakar <adith.sudhakar () gmail com>
Date: Thu, 27 Oct 2016 13:58:38 -0700
Hello,

I'd found a CSRF issue in Monit (https://mmonit.com/monit/) in the Service Manager application that affects versions 5.19.0 and earlier. Red Hat has assigned CVE-2016-7067 to this issue. Monit has fixed this issue in version 5.20.0.

Description:
The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service.

Upstream Commit:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master

Adith Sudhakar